{"id":44850,"date":"2022-01-13T14:45:00","date_gmt":"2022-01-13T14:45:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/rdp-bug-enables-data-theft-smartcard-hijacking"},"modified":"2022-01-13T14:45:00","modified_gmt":"2022-01-13T14:45:00","slug":"microsoft-rdp-bug-enables-data-theft-smart-card-hijacking","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/","title":{"rendered":"Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc61772b4808b89e7\/61df7e77fbcd6c0341933591\/rdp_Funtap_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Microsoft Windows systems going back to at least Windows Server 2012 R2 are affected by a vulnerability in the Remote Desktop Services protocol that gives attackers, connected to a remote system via RDP, a way to gain file system access on the machines of other connected users.<\/p>\n<p>Threat actors that exploit the flaw can view and modify clipboard data or impersonate the identities of other users logged in to the machine in order to escalate privileges or to move laterally on the network, researchers from CyberArk discovered recently. They reported the issue to Microsoft, which issued a patch for the flaw (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21893\" target=\"_blank\" rel=\"noopener\">CVE-2022-21893<\/a>) in <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/microsoft-kicks-off-2022-with-96-security-patches\" target=\"_blank\" rel=\"noopener\">its security update for January this Tuesday.<\/a><\/p>\n<p>Microsoft&#8217;s RDP allows users to access and control a Windows system from a remote client almost as if they were working on the system locally. Organizations use it for a variety of reasons, including enabling remote access to systems for IT help desk and support services, providing remote employees with access to an environment that mimics resources at their office, and enabling access to virtual machines in cloud environments.<\/p>\n<p>In RDP, a single connection can be broken up into multiple virtual channels. Data in these channels are passed to other processes via a Windows service called &#8220;named pipes.&#8221; &#8220;Named pipes are a mechanism for communication between two processes running on a Windows machine,&#8221; says Gabriel Sztejnworcel, a software architect at CyberArk. Windows Remote Desktop Services uses named pipes to pass data \u2014 such as data in clipboards, and smart-card authentication data \u2014 between the client and remote system.<\/p>\n<p>The vulnerability that <a href=\"https:\/\/www.cyberark.com\/resources\/threat-research-blog\/attacking-rdp-from-inside\" target=\"_blank\" rel=\"noopener\">CyberArk discovered<\/a> is associated with the way named pipes are created in some situations. The security vendor found the flaw basically allows any user to create a named pipe server instance in such a manner that certain data traveling between the remote and client system essentially flows through their maliciously created pipes. They found an attacker could use the flaw to establish a man-in-the-middle presence to intercept data such as that in clipboards of the client devices connected to the remote system, or smart-card PINs that a user might enter for authenticating to the client device.<\/p>\n<p>Sztejnworcel says CyberArk researchers discovered that any unprivileged user connected to a remote machine via RDS could exploit the vulnerability to intercept, view, and modify data from sessions of other users who might be connected to the same remote machine. &#8220;This could be leveraged for getting access to the file systems of other users&#8217; client machines and using other users&#8217; smart cards and PIN numbers to authenticate, effectively impersonating the victim&#8217;s identity,&#8221; he says. &#8220;Most importantly, this could lead to privilege escalation.&#8221;<\/p>\n<p>According to Sztejnworcel, the vulnerability that CyberArk discovered is not especially hard to exploit. CyberArk developed a simple exploit tool that creates its own pipe server instance and showed how an attacker could use it to access the file system of the victim, intercept whatever the victim copy-pastes from the remote system, and steal smart-card PINs for logging on to resources as an authorized user.<\/p>\n<p>Sztejnworcel points to a couple of examples where a remote system might have multiple client devices connected to it. A jump box to which users connect to access an internal network, is one example, he says. Similarly, a session-based desktop environment where many users connect to the same machine and run applications would be another.<\/p>\n<p>&#8220;It might also be possible, using simple social engineering techniques, to trick high-privilege users to log in to a machine the attacker is already connected to,&#8221; he says. &#8220;It can be another server or even a personal workstation. The machine itself doesn\u2019t have to be compromised since exploiting the vulnerability doesn\u2019t require high privileges.&#8221;<\/p>\n<p><strong>Favorite Attack Target<\/strong><br \/>Attackers have long used Microsoft&#8217;s RDP to try to gain an initial foothold on enterprise networks. In many cases, threat actors have had to do little more than search for devices with RDP services exposed to the Internet in order to break into a network. Initial access brokers have over the years curated a massive list of servers with exposed RDP services that they have been making available to ransomware operators and other threat groups for a fee. A study that <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2021\/07\/diagnosing-the-ransomware-deployment-protocol\/\" target=\"_blank\" rel=\"noopener\">Palo Alto Networks<\/a> conducted last year showed that RDP accounted for some 30% of the total enterprise exposures on the Web. Attacks targeting the protocol escalated sharply in the spring of 2020 \u2014 and has mostly <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/rdp-attacks-persist-near-record-levels-in-2021\" target=\"_blank\" rel=\"noopener\">remained that way<\/a> \u2014 with organizations switching to more remote and distributed work environments in the wake of the COVID-19 pandemic.<\/p>\n<p>Over the years, RDP has had its share of vulnerabilities as well. One example is BlueKeep (<a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4500705\/customer-guidance-for-cve-2019-0708\" target=\"_blank\" rel=\"noopener\">CVE-2019-0708<\/a>) a critical remote code execution in RDP that researchers discovered in 2019. The flaw affected RDP in multiple legacy versions of Windows including Windows XP, Windows 7, and Windows Server 2008. Another example is a so-called <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/microsoft-patch-for-reverse-rdp-flaw-leaves-room-for-other-attacks\" target=\"_blank\" rel=\"noopener\">reverse RDP flaw<\/a> (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-0887\" target=\"_blank\" rel=\"noopener\">CVE-2019-0887<\/a>), which Check Point disclosed at Black Hat USA 2019.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/rdp-bug-enables-data-theft-smartcard-hijacking\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The vulnerability was patched this week in Microsoft&#8217;s set of security updates for January 2022.Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/rdp-bug-enables-data-theft-smartcard-hijacking\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-44850","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-13T14:45:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc61772b4808b89e7\/61df7e77fbcd6c0341933591\/rdp_Funtap_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking\",\"datePublished\":\"2022-01-13T14:45:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/\"},\"wordCount\":828,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltc61772b4808b89e7\\\/61df7e77fbcd6c0341933591\\\/rdp_Funtap_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/\",\"name\":\"Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltc61772b4808b89e7\\\/61df7e77fbcd6c0341933591\\\/rdp_Funtap_shutterstock.jpg\",\"datePublished\":\"2022-01-13T14:45:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltc61772b4808b89e7\\\/61df7e77fbcd6c0341933591\\\/rdp_Funtap_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltc61772b4808b89e7\\\/61df7e77fbcd6c0341933591\\\/rdp_Funtap_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-01-13T14:45:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc61772b4808b89e7\/61df7e77fbcd6c0341933591\/rdp_Funtap_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking","datePublished":"2022-01-13T14:45:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/"},"wordCount":828,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc61772b4808b89e7\/61df7e77fbcd6c0341933591\/rdp_Funtap_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/","name":"Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc61772b4808b89e7\/61df7e77fbcd6c0341933591\/rdp_Funtap_shutterstock.jpg","datePublished":"2022-01-13T14:45:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc61772b4808b89e7\/61df7e77fbcd6c0341933591\/rdp_Funtap_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc61772b4808b89e7\/61df7e77fbcd6c0341933591\/rdp_Funtap_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-rdp-bug-enables-data-theft-smart-card-hijacking\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44850"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44850\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}