One of our IT folks found a Win10 / SRV2019 lock screen bypass (with caveats), which I have confirmed. Yes, some vulnerabilities are voodoo/black-magic level. But a non-trivial amount can be found with these steps: 1) Use systems. 2) Notice anomalies. 3) Investigate anomalies.
-
I'm having a surprisingly difficult time conveying to Microsoft that this might have a security impact, so perhaps it's time for a 2nd opinion. When I lock a password-protected Windows session, I expect that the lock screen:
-
Replying to @wdormann
It's kind of a security theatre, especially on a network'd and domain joined system to be honest. You can remotely unlock systems with admin rights, for example. Depends on the details here.
-
Replying to @GossiTheDog
Indeed. In this case, no admin rights or domain is required, though.
-
Replying to @wdormann
They should probably fix it. If it involves Cortana, they just revised the security guidelines saying to disable it.
-
Yeah, no Cortana involved here. I can share more details after their 45-day timer is up. It's not a home-run, but it definitely falls in the "This shouldn't happen" category for me.