A privileged user, which can gain command execution with NT AUTHORITY/SYSTEM rights can hijack any currently logged in user's session, without any knowledge about his credentials.
Terminal Services session can be either in connected or disconnected state.
GitHub has awarded a researcher $18,000 for disclosing a security flaw in GitHub Enterprise which could have lead to remote code execution.
According to independent German researcher Markus Fenske, the code repository awarded him the amount for disclosing a serious security vulnerability in GitHub Enterprise, an on-premise version of GitHub designed for businesses looking to collaborate on coding but retain strict control of permissions and access to projects.
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
Contestants at this year's Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.
According to a Friday morning tweet from the contest's organizers, members of Qihoo 360's security team carried out the hack by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware, contest organizers reported Friday morning on Twitter. The result was a "complete virtual machine escape."