Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Danish security researcher Ollypwn has released DOS exploit PoC for critical vulnerabilities in the Windows RDP Gateway.

The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.

A Remote Desktop Gateway server is typically is located in a corporate or private network and acts as the gateway into which RDP connections from an external network connects through to access a Remote Desktop server (Terminal Server) located on the corporate or private network.

“A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” reads the advisories published by Microsoft.

“To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems RD Gateway via RDP.”

Microsoft addressed the two vulnerabilities with the release of the January Patch Tuesday.

The PoC code released by the researcher also includes a built-in scanner for checking if a host is vulnerable to both CVE-2020-0609 and CVE-2020-0610 issues.

Scanning for vulnerable RDP Gateway servers with Shodan, the search engine has found over 15,500.

Experts suggest securing vulnerable RDP Gateway servers by installing the security updates ([1], [2]) released by Microsoft.

To mitigate the risk of exploitation it is possible to disable UDP ore protect access to UDP port.

“Simply disabling UDP Transport, or firewalling the UDP port (usually port 3391) is sufficient to prevent exploitation,” explained the popular researcher Marcus Hutchins .

Microsoft is not aware of attacks in the wild exploiting the above vulnerabilities.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – RDP Gateway, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.