Feature or flaw? How to hijack a Windows account in less than a minute

A security researcher has published a way to gain the highest level of access to a network, without needing a password.

Alexander Korznikov said in a blog post that a privileged user, such as a local administrator with system rights and permissions, can use built-in command line tools to hijack the session of another logged-in user who has higher privileges.

He said that if that other logged-in user is a domain administrator, it’s possible to hijack their session, giving that local administrator full access to the network, including domain services.

Source: ZDNet