Cybersecurity researchers discovered a method to bypass Microsoft’s MFA by exploiting device code authentication and Primary Refresh Tokens (PRTs). This technique allows attackers to register Windows Hello keys, creating a persistent backdoor. The attack manipulates request parameters to force MFA, complicating detection for users and administrators alike. Prevention demands strict MFA enforcement and vigilant monitoring strategies.
Critical Microsoft Telnet 0-Click Vulnerability Exposes Windows Credentials
A critical vulnerability in Microsoft Telnet Server allows remote attackers to bypass authentication entirely, gaining administrative access without credentials. Affecting legacy Windows systems (2000 through
