Published: 14/01/2020 Updated: 17/01/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows Remote Desktop Gateway (RD Gateway) is a Windows Server component that provides access to Remote Desktop services without requiring the client system to be present on the same network as the target system. Originally launched as Terminal Services Gateway (TS Gateway) with Windows Server 2008, RD Gateway is a recommended way to provide Remote Desktop connectivity to cloud-based systems. For example, guidance has been provided for using RD Gateway with AWS, and also with Azure. The use of RD Gateway is recommended to reduce the attack surface of Windows-based hosts.Microsoft RD Gateway in Windows Server 2012 and later contain two vulnerabilities that can allow an unauthenticated remote malicious user to execute arbitrary code with SYSTEM privileges. It is reported by Kryptos Logic that the flaws lie in handling of fragmentation. This vulnerability is exploitable by connecting to the RD Gateway service listening on UDP/3391.

Vulnerability Trend

Recent Articles

RCE Exploit for Windows RDP Gateway Demoed by Researcher
BleepingComputer • Sergiu Gatlan • 27 Jan 2020

A remote code execution (RCE) exploit for Windows Remote Desktop Gateway (RD Gateway) was demoed by InfoGuard AG penetration tester Luca Marcelli, after a proof-of-concept denial of service exploit was released by Danish security researcher Ollypwn on Friday for the same pair of flaws.
The exploit targets the CVE-2020-0609 and CVE-2020-0610 bugs found in the Remote Desktop Gateway (RD Gateway) component on devices running Windows Server (2012, 2012 R2, 2016, and 2019).

Teenagers today. Can't take them anywhere, eh? 18-year-old kid accused of $50m SIM-swap cryptocurrency heist
The Register • Shaun Nichols in San Francisco • 25 Jan 2020

Also, Cisco, Citrix emit patches, US army advises using Signal

Roundup Here comes a summary of this week's computer security news beyond what we've already covered.
An 18-year-old man from Canada has been accused of stealing more than $50m in cryptocurrency using SIM-swapping attacks.
SIM swapping typically involves crooks tricking cellular network support staff to transfer victims' smartphone numbers to the criminals' own SIMs, and then using those numbers to reset passwords, or get two-factor authentication tokens, via text messages, and ultim...

DOS Exploit PoC Released for Critical Windows RDP Gateway Bugs
BleepingComputer • Sergiu Gatlan • 24 Jan 2020

A proof-of-concept (PoC) denial of service exploit has been published by Danish security researcher Ollypwn for the CVE-2020-0609 and CVE-2020-0610 flaws affecting the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.
RD Gateway is used to fence off Remote Desktop servers on internal networks from Internet connections and to only allow the ones that successfully authenticate on the gateway to reach the server.
The two vulner...

Microsoft Patch Tuesday – January 2020
Symantec Threat Intelligence Blog • Preethi Koroth • 15 Jan 2020

This month the vendor has patched 49 vulnerabilities, 8 of which are rated Critical.

Posted: 15 Jan, 202014 Min ReadThreat Intelligence SubscribeMicrosoft Patch Tuesday – January 2020This month the vendor has patched 49 vulnerabilities, 8 of which are rated Critical.This month the vendor has patched 49 vulnerabilities, 8 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all softw...

Microsoft patches severe Windows flaw after tip‑off from NSA
welivesecurity • Tomáš Foltýn • 15 Jan 2020

Microsoft has shipped out a security patch to address a serious vulnerability in the Windows operating system that, if abused, could enable attackers to make malware appear as though it was code from a legitimate source.
The vulnerability, which is being fixed as part of this month’s Patch Tuesday rollout, affects a key cryptographic component of Windows 10, Windows Server 2019 and Windows Server 2016. The flaw was discovered by the United States’ National Security Agency (NSA), which,...

Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows cert-spoofing bugs, RDP flaws...
The Register • Shaun Nichols in San Francisco • 14 Jan 2020

Grab your Microsoft, Adobe, SAP, Intel, and VMware fixes now

Patch Tuesday In the first Patch Tuesday of the year, Microsoft finds itself joined by Adobe, Intel, VMware, and SAP in dropping scheduled security updates.
This month's Microsoft security fixes include three more remote-code-execution vulnerabilities in Redmond's Windows Remote Desktop Protocol software. Two of the flaws (CVE-2020-0609, CVE-2020-0610) are present on the server side in RD Gateway – requiring no authentication – while a third (CVE-2020-0611) is found on the client side....

Microsoft's January 2020 Patch Tuesday Fixes 49 Vulnerabilities
BleepingComputer • Lawrence Abrams • 14 Jan 2020

Today is Microsoft's January 2020 Patch Tuesday and also the Windows 7 end of life. This is going to be a stressful day for your Windows administrators, so be nice!
With the release of the January 2020 security updates, Microsoft has released fixes for 49 vulnerabilities. Of these vulnerabilities, 7 are classified as Critical, 41 as Important, and 1 as Moderate.
One of the 'Critical' vulnerabilities fixed today was discovered by the NSA and could allow attackers to spoof digital ce...