Re: Microsoft: “It’s Not A Bug, It’s A Feature!”

Liste des GroupesRevenir à col advocacy 
Sujet : Re: Microsoft: “It’s Not A Bug, It’s A Feature!”
De : T (at) *nospam* invalid.invalid (T)
Groupes : comp.os.linux.advocacy alt.comp.os.windows-11
Date : 01. May 2025, 08:02:44
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vuv6ak$ucma$1@dont-email.me>
References : 1
User-Agent : Betterbird (Linux)
On 4/30/25 4:36 PM, Lawrence D'Oliveiro wrote:
Windows RDP is a mechanism for doing remote GUI logins to a Dimdows
machine. It turns out that RDP has a “feature” whereby it continues to
allow you to log in using an old password, even after that password
has been revoked.
 Microsoft doesn’t seem to see this as a security issue at all:
      In response, Microsoft said the behavior is a “a design decision
     to ensure that at least one user account always has the ability to
     log in no matter how long a system has been offline.” As such,
     Microsoft said the behavior doesn’t meet the definition of a
     security vulnerability, and company engineers have no plans to
     change it.
 Not only that, the problem had been reported to the company by another
security researcher nearly two years earlier:
      "We originally looked at a code change for this issue, but after
     further review of design documentation, changes to code could
     break compatibility with functionality used by many applications."
 <https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that/>
This does not pass the stink test.

Date Sujet#  Auteur
1 May 25 * Microsoft: “It’s Not A Bug, It’s A Feature!”2Lawrence D'Oliveiro
1 May 25 `- Re: Microsoft: “It’s Not A Bug, It’s A Feature!”1T

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal