Windows Remote Desktop Protocol contains a login backdoor Microsoft refuses to fix


Independent researchers have discovered, or should we say rediscovered, a major security vulnerability in Microsoft's Remote Desktop Protocol (RDP). Previously known as Terminal Services, RDP appears to...

Microsoft's online management and security platforms – including Entra ID, Azure, and Defender – do not raise any alarms, and newer passwords may be ignored while older ones still function. According to Microsoft, the behavior is a design decision meant to "ensure that at least one user account always has the ability to log in no matter how long a system has been offline." Redmond engineers reportedly attempted to modify the code to eliminate the backdoor but abandoned the effort, as the changes could break compatibility with a Windows feature that many applications still rely on.
