{"id":227027,"date":"2020-01-15T10:34:43","date_gmt":"2020-01-15T09:34:43","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=227027"},"modified":"2020-01-15T18:21:15","modified_gmt":"2020-01-15T17:21:15","slug":"windows-server-schwachstelle-cve-2020-0609-im-remote-desktop-gateway","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2020\/01\/15\/windows-server-schwachstelle-cve-2020-0609-im-remote-desktop-gateway\/","title":{"rendered":"Windows Server: Vulnerability CVE-2020-0609 in Remote Desktop Gateway"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\"\/>[<a href=\"https:\/\/borncity.com\/win\/2020\/01\/15\/windows-server-vulnerability-cve-2020-0609-in-remote-desktop-gateway\/\" target=\"_blank\" rel=\"noopener noreferrer\">English<\/a>] A brief security note for administrators who run Windows (Essentials) Server 2012 and Windows Server 2016\/2019 with the Remote Desktop Gateway role enabled. If the server is meant to be reachable for users via ports 443 and 3389, read the following notes on the RCE vulnerability CVE-2020-0609.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg07.met.vgwort.de\/na\/91a911b0a9c74343b59af5fa0a36b44c\" width=\"1\" height=\"1\"\/>There is currently quite a stir about the CryptoAPI vulnerability in Windows 10 and Windows Server 2016\/2019 that the NSA reported to Microsoft. There, you install the relevant updates after thorough testing and that's that. <\/p>\n<h2>CVE-2020-0609 in Windows Server<\/h2>\n<p>I already became aware of the topic last night via a tweet from Woody Leonhard. 
<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">If you're an admin with an Essentials 2012 (or later) server, or you use RD Gateway over port 443, you really need to install the latest patches. CVE-2020-0609 <a href=\"https:\/\/twitter.com\/hashtag\/PatchLady?src=hash&amp;ref_src=twsrc%5Etfw\">#PatchLady<\/a> <a href=\"https:\/\/t.co\/Mmmvl6hCdP\">https:\/\/t.co\/Mmmvl6hCdP<\/a><\/p>\n<p>\u2014 Woody Leonhard (@AskWoody) <a href=\"https:\/\/twitter.com\/AskWoody\/status\/1217292076892741632?ref_src=twsrc%5Etfw\">January 15, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>Susan Bradley, who works as an admin, immediately recognized the significance of the CVE-2020-0609 vulnerability. She writes about Essentials 2012 Server and later, but according to Microsoft it affects Windows Server 2012 and later. On January 14, 2020, Microsoft published the security advisory <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0609\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-0609 | Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability<\/a>. <\/p>\n<blockquote>\n<p>A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  <\/p>\n<p>To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems RD Gateway via RDP.  
<\/p>\n<p>The update addresses the vulnerability by correcting how RD Gateway handles connection requests.<\/p>\n<\/blockquote>\n<p>Windows Remote Desktop Gateway (RD Gateway) contains a remote code execution vulnerability that attackers can exploit. Microsoft has released security updates for the affected server versions.<\/p>\n<ul>\n<li>Windows Server 2012: <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4534283\/\" target=\"_blank\" rel=\"noopener noreferrer\">KB4534283<\/a> (Monthly Rollup), <a href=\"https:\/\/support.microsoft.com\/help\/4534288\" target=\"_blank\" rel=\"noopener noreferrer\">KB4534288<\/a> (Security-only)  <\/li>\n<li>Windows Server 2012 R2: <a href=\"https:\/\/support.microsoft.com\/help\/4534297\" target=\"_blank\" rel=\"noopener noreferrer\">KB4534297<\/a> (Monthly Rollup), <a href=\"https:\/\/support.microsoft.com\/help\/4534309\" target=\"_blank\" rel=\"noopener noreferrer\">KB4534309<\/a> (Security-only)  <\/li>\n<li>Windows Server 2016: <a href=\"https:\/\/support.microsoft.com\/help\/4534271\" target=\"_blank\" rel=\"noopener noreferrer\">KB4534271<\/a> (cumulative update)  <\/li>\n<li>Windows Server 2019: <a href=\"https:\/\/support.microsoft.com\/help\/4534273\" target=\"_blank\" rel=\"noopener noreferrer\">KB4534273<\/a> (cumulative update)<\/li>\n<\/ul>\n<p>The updates should patch the vulnerability, but note the information in the Known Issues sections of the KB articles. Windows Server 2008\/R2, which reached end of support on January 14, 2020 (and also Small Business Server 2011), are probably not affected by this vulnerability.<\/p>\n<p><strong>Similar articles:<\/strong><br \/><a href=\"https:\/\/borncity.com\/blog\/2020\/01\/08\/microsoft-office-patchday-7-januar-2020\/\">Microsoft Office Patchday (January 7, 2020)<\/a><br \/><a href=\"https:\/\/borncity.com\/blog\/2020\/01\/14\/microsoft-security-update-summary-14-januar-2020\/\">Microsoft Security Update Summary (January 14, 2020<\/a>)<br \/><a href=\"https:\/\/borncity.com\/blog\/?p=227005\">Patchday: Updates for Windows 7\/8.1\/Server (January 14, 2020)<\/a><br \/><a href=\"https:\/\/borncity.com\/blog\/2020\/01\/15\/patchday-windows-10-updates-14-januar-2020\/\">Patchday Windows 10 Updates (January 14, 2020)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[English] A brief security note for administrators who run Windows (Essentials) Server 2012 and Windows Server 2016\/2019 with the Remote Desktop Gateway role enabled. If the server is meant to be reachable for users via ports 443 and 3389, read the following notes on the RCE vulnerability CVE-2020-0609.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426,185,2557],"tags":[7853,4328,4364],"class_list":["post-227027","post","type-post","status-publish","format-standard","hentry","category-sicherheit","category-update","category-windows-server","tag-cve-2020-0609","tag-sicherheit","tag-windows-server"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/227027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=227027"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/227027\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=22702
7"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=227027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=227027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}