Windows RDP Bug Allows Login With Expired Passwords

Microsoft has confirmed that its Remote Desktop Protocol (RDP) allows users to log into Windows machines using passwords that have already been changed or revoked. The company says it has no plans to change this behavior, describing it as an intentional design decision rather than a security vulnerability.

The issue came to light after independent security researcher Daniel Wade reported to the Microsoft Security Response Center that, under certain conditions, RDP will continue to accept old passwords for remote access, even after a user has changed their password due to compromise or routine security hygiene. If the password entered matches any previously valid, cached credential, even one that has been changed or revoked, RDP grants access. Wade’s findings, detailed in a report by Ars Technica, warn that this behavior undermines the very trust users place in password changes as a means to cut off unauthorized access.

A Microsoft spokesperson confirmed the company has been aware of the issue since at least August 2023, but maintains that changing the behavior could break compatibility with existing applications. Microsoft’s stance leaves millions at risk, highlighting a fundamental disconnect between user expectations of password security and the realities of Windows’ RDP design.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 02 May 2025 09:20:08 +0000

