PT-2019-2826 · Microsoft · Windows+1
Joe Tammariello · Published 2019-06-04 · Updated 2020-10-19
CVE-2019-9510
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions 10 1803 and later
Microsoft Windows Server versions 2019 and later
Description
The issue is related to errors in handling RDP sessions that use Network Level Authentication (NLA). It allows an attacker to bypass two-factor authentication mechanisms by temporarily disconnecting an RDP connection and letting it reconnect automatically, so authenticated RDP-connected clients can gain access to user sessions without interacting with the Windows lock screen. If a network anomaly triggers a temporary RDP disconnect, Automatic Reconnection restores the RDP session to an unlocked state. An attacker with access to a system being used as a Windows RDP client can exploit this by interrupting network connectivity to gain access to a connected remote system, regardless of whether the remote system was locked.
Recommendations
For Microsoft Windows versions 10 1803 and later, consider disabling Automatic Reconnection of RDP sessions as a temporary workaround until a patch is available.
For Microsoft Windows Server versions 2019 and later, restrict access to RDP connections to minimize the risk of exploitation.
Avoid using RDP connections on untrusted networks until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
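One way to audit and apply the Automatic Reconnection workaround on a host that accepts RDP connections, as an added example that is not part of the original advisory. It assumes the Remote Desktop Session Host "Automatic reconnection" Group Policy setting, stored as the `fDisableAutoReconnect` value under the Terminal Services policy key; the function names are hypothetical.

```powershell
# Added example (not from the advisory). Assumes the "Automatic reconnection"
# policy value fDisableAutoReconnect (DWORD, 1 = reconnection disabled).
# Function names are hypothetical. Run elevated on the host accepting RDP.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$PolicyName = 'fDisableAutoReconnect'

function Get-RdpAutoReconnectState {
    # Returns 'Disabled', 'Enabled', or 'NotConfigured' (no policy value present).
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$PolicyName -eq 1) { return 'Disabled' }
    return 'Enabled'
}

function Disable-RdpAutoReconnect {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    # Create the policy key if no Terminal Services policy has been set yet.
    if (-not (Test-Path -Path $PolicyKey)) {
        if ($PSCmdlet.ShouldProcess($PolicyKey, 'Create policy key')) {
            New-Item -Path $PolicyKey -Force | Out-Null
        }
    }
    # Write the value that turns automatic reconnection off for this host.
    if ($PSCmdlet.ShouldProcess("$PolicyKey\$PolicyName", 'Set DWORD to 1')) {
        New-ItemProperty -Path $PolicyKey -Name $PolicyName `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

$before = Get-RdpAutoReconnectState
Write-Output "Automatic reconnection policy before: $before"
if ($before -ne 'Disabled') {
    # Call with -WhatIf instead to preview the registry change without applying it.
    Disable-RdpAutoReconnect
    Write-Output "Automatic reconnection policy after:  $(Get-RdpAutoReconnectState)"
}
```

On domain-joined hosts a domain Group Policy object that configures the same setting overwrites this local value at the next policy refresh, so set it in the GPO there.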
Improper Handling of Exceptional Conditions
Authentication Bypass Using an Alternate Path or Channel
Related Identifiers
Affected Products
Windows
Windows Server