GIGAZINE

It is possible to log in with an old password that has already been changed using the Windows Remote Desktop Protocol, and since Microsoft has made it an official specification ...

Remote Desktop Protocol (RDP) allows users to log in even with old passwords that have already been changed. Since Microsoft has stated that this is an 'official specification' and that it has no ...
Ars Technica

Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.

Researchers say the behavior amounts to a persistent backdoor.
Threat Post

Black Hat 2019: Microsoft Protocol Flaw Leaves Azure Users Open to Attack

At Black Hat USA 2019, researchers showed how a previously-disclosed flaw on Windows systems that could allow arbitrary code execution could also impact Hyper-V. LAS VEGAS – A path-traversal ...
Threat Post

Critical Microsoft Remote Desktop Flaw Fixed in Security Update

Microsoft has released fixes for nine critical and 49 important vulnerabilities as part of Patch Tuesday. Microsoft released patches for nine critical vulnerabilities as part of its October Patch ...
heise online

Windows log-in possible via RDP with revoked passwords

After an attack or if compromised access data is known, admins revoke passwords and have them reset so that malicious actors cannot log in with compromised data. If remote desktop protocol (RDP) ...
Bleeping Computer

Microsoft Ignored RDP Vulnerability Until it Affected Hyper-V

A vulnerability in Microsoft's Remote Desktop Protocol (RDP) can also be used to escape virtual machines running on Hyper-V, the virtualization technology in Azure and Windows 10. The bug is a path ...