A zero-day vulnerability has been disclosed that affects Windows systems with active Remote Desktop Protocol (RDP) sessions. Tracked as CVE-2019-9510, the flaw lies in how Windows RDP Network Level Authentication (NLA) interacts with the Windows lock screen: when an RDP session to a locked system is interrupted and then automatically reconnected, the session is restored to an unlocked state without the user re-authenticating, so an attacker with access to the client side of the session can bypass the lock screen and gain unauthorized access to the system. Windows 10 (version 1803 or later) and Windows Server 2019 are affected by this authentication bypass.
The big picture
The advisory attributed the flaw to the way the Windows lock screen behaves while an RDP session is active, rather than to RDP or NLA itself.
“It is important to note that this vulnerability is with the Microsoft Windows lock screen's behavior when RDP is being used, and the vulnerability is present when no MFA solutions are installed. While MFA product vendors are affected by this vulnerability, the MFA software vendors are not necessarily at fault for relying on the Windows lock screen to behave as expected,” read the advisory.
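The following PowerShell script is an added example and is not code from the original article or from the advisory. It checks whether the local host matches the conditions described above (Windows 10 1803 or later, or Server 2019; RDP enabled; NLA required) and lists active RDP sessions; with `-Disconnect` it cuts those sessions so that any later reconnect has to pass NLA again instead of resuming a locked session. The build numbers (17134 for Windows 10 1803, 17763 for Server 2019), the registry values used for the RDP and NLA state, and the English-locale column layout of `query session` are my assumptions, not details from the page.

```powershell
# Added example, not code from the original article or the advisory.
# Assesses the CVE-2019-9510 preconditions on this host and optionally
# disconnects active RDP sessions (the operator-side workaround: a
# disconnected session must re-authenticate on reconnect).
# Assumptions (mine): Windows 10 1803 = build 17134, Server 2019 = build
# 17763; RDP/NLA state lives in the usual Terminal Server registry values;
# query.exe prints English column headings and the state word "Active".
# Run from an elevated 64-bit PowerShell so the registry and query.exe resolve.
[CmdletBinding()]
param(
    [switch]$Disconnect   # actually run tsdiscon on each active RDP session
)

$os       = Get-CimInstance -ClassName Win32_OperatingSystem
$build    = [int]$os.BuildNumber
$isServer = $os.ProductType -ne 1          # 1 = workstation, 2 = DC, 3 = server

# Version scope as stated in the article: Windows 10 1803+ or Server 2019.
$versionInScope = if ($isServer) { $build -eq 17763 } else { $build -ge 17134 }

$tsKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction Stop).fDenyTSConnections -eq 0
$nlaRequired = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name UserAuthentication -ErrorAction Stop).UserAuthentication -eq 1

# Active RDP sessions. query.exe prints one row per session; a constructed
# sample row looks like:   >rdp-tcp#3   alice   2  Active
# Disconnected sessions carry no rdp-tcp# name, so they are not matched.
$rowPattern = '^\s*>?(?<name>rdp-tcp#\d+)\s+(?<user>\S+)\s+(?<id>\d+)\s+Active\b'
$activeRdp = @(
    query session 2>$null | ForEach-Object {
        if ($_ -match $rowPattern) {
            [pscustomobject]@{ Session = $Matches.name; User = $Matches.user; Id = [int]$Matches.id }
        }
    }
)

# Summary: "Exposed" means every precondition named in the article holds
# and at least one RDP session is currently active on this host.
[pscustomobject]@{
    Build          = $build
    VersionInScope = $versionInScope
    RdpEnabled     = $rdpEnabled
    NlaRequired    = $nlaRequired
    ActiveRdp      = $activeRdp.Count
    Exposed        = $versionInScope -and $rdpEnabled -and $nlaRequired -and $activeRdp.Count -gt 0
} | Format-List

$activeRdp | Format-Table -AutoSize

if ($Disconnect) {
    foreach ($s in $activeRdp) {
        Write-Host "Disconnecting session $($s.Id) ($($s.User), $($s.Session))"
        tsdiscon $s.Id
    }
}
```

Run it without arguments to get the assessment only; add `-Disconnect` to terminate the listed sessions. Disconnecting rather than locking is the point of the workaround: a disconnected RDP session has no unlocked desktop to be restored, so the next reconnect must pass NLA. The script reads the local host only; to survey a fleet, wrap it in `Invoke-Command` against the hosts you administer.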