CVE-2020-0609

Integrity360 is actively monitoring a Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability (CVE-2020-0609).

The Threat

Microsoft Windows Remote Desktop Protocol is prone to a remote code-execution vulnerability when an unauthenticated remote attacker connects to the target system via RDP and sends specially crafted requests.

This vulnerability can be exploited before authenticating to the targeted server and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code and install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's RD Gateway via RDP.

Known affected versions

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Recommendations

At the time of writing, Microsoft has not identified any workarounds or mitigating factors for this vulnerability. While the impact of this vulnerability is still developing, we advise our clients that the best action to take to mitigate it is to patch your affected systems.
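To decide which servers to patch first, the following added example (not Microsoft or Integrity360 code) reports whether a host runs one of the releases listed above with the RD Gateway role service installed, along with its most recent installed hotfix for comparison against the Microsoft advisory. It assumes PowerShell remoting is enabled on the hosts queried; the function name and the host names in the usage comment are hypothetical.

```powershell
# Added example: inventory helper for scoping the patch rollout.
# Affected releases as listed in this advisory (R2 first so it is matched before 2012).
$AffectedReleases = 'Windows Server 2012 R2', 'Windows Server 2012',
                    'Windows Server 2016', 'Windows Server 2019'

function Get-RdGatewayExposure {
    [CmdletBinding()]
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    # Runs on each host: OS release, RD Gateway role state, newest installed hotfix.
    $probe = {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem
        # RDS-Gateway is the Server Manager feature name of the RD Gateway role service.
        $role = Get-WindowsFeature -Name 'RDS-Gateway' -ErrorAction SilentlyContinue
        $lastFix = Get-HotFix | Where-Object InstalledOn |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
        [pscustomobject]@{
            Caption          = $os.Caption
            GatewayInstalled = [bool]($role -and $role.Installed)
            LastHotFix       = $lastFix.HotFixID
            LastHotFixDate   = $lastFix.InstalledOn
        }
    }

    foreach ($computer in $ComputerName) {
        try {
            $r = if ($computer -eq $env:COMPUTERNAME) { & $probe }
                 else { Invoke-Command -ComputerName $computer -ScriptBlock $probe -ErrorAction Stop }
        } catch {
            # An unreachable host is unknown, not safe: surface it for manual follow-up.
            Write-Warning "$computer : query failed ($($_.Exception.Message))"
            continue
        }
        $release = $AffectedReleases | Where-Object { $r.Caption -like "*$_*" } |
            Select-Object -First 1
        [pscustomobject]@{
            ComputerName     = $computer
            OperatingSystem  = $r.Caption
            AffectedRelease  = $release
            GatewayInstalled = $r.GatewayInstalled
            InScope          = [bool]$release -and $r.GatewayInstalled
            LastHotFix       = $r.LastHotFix
            LastHotFixDate   = $r.LastHotFixDate
        }
    }
}

# Usage (constructed host names):
# Get-RdGatewayExposure -ComputerName 'rdgw01.example.test', 'rdgw02.example.test' | Format-Table
```

Hosts reported with `InScope = True` are the ones to check against the update listed in the Microsoft advisory linked below.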

More information

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609

Should you require assistance with applying the fix or upgrading, please contact your account manager or email info@integrity360.com. As always, Integrity360 Managed Security Service customers will already be covered through our proactive security approach.
