Windows Server: Vulnerability CVE-2020-0609 in Remote Desktop Gateway

Posted on 2020-01-15 by guenni

[German]A small security note for administrators running Windows (Essentials) Server 2012 and Windows Server 2016/2019 with the Remote Desktop Gateway role enabled If you want users to be able to access the RCE vulnerability CVE-2020-0609 on ports 443 and 3389, read the following notes on the RCE vulnerability CVE-2020-0609.

Advertising

CVE-2020-0609 at Windows Server

I already became aware of the topic during a tweet from Woody Leonhard. Susan Bradley, who is working as an admin, immediately recognized the significance of the CVE-2020-0609 vulnerability.

Susan Bradley writes about Essentials 2012 Server and higher – but according to Microsoft it concerns Windows Server 2012 and higher. Microsoft has issued security advisory CVE-2020-0609 | Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability.

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems RD Gateway via RDP.

The update addresses the vulnerability by correcting how RD Gateway handles connection requests.

Microsoft has released security updates for the affected server versions to close the vulnerability.

With these updates the vulnerability could be patched – but read the instructions in the Known Issues sections of the KB articles first. Windows Server 2008/R2, which reached the end of support on Jan 14, 2020 (and also Small Business Server 2011) are not affected by this vulnerability.

Advertising

Similar articles:
Microsoft Office Patchday (January 7, 2020)
Microsoft Security Update Summary (January 14, 2020)
Patchday: Updates for Windows 7/8.1/Server (Jan. 14, 2020)

Advertising
This entry was posted in Security, Update, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).