Integrity360 is actively monitoring a remote code execution vulnerability that exists in Windows Remote Desktop Gateway (RD Gateway) (CVE-2020-0610).
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.
Known affected versions
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
As of now, Microsoft has not identified any workarounds or mitigating factors for this vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application.
Failed exploit attempts will likely cause a denial-of-service condition.
To successfully exploit this flaw, an attacker must have to trick the user to connect to a malicious server, making exploitation of this flaw less likely. But Microsoft still rates this as critical severity.
Should you require assistance with applying the fix or upgrading, please contact your account manager or email firstname.lastname@example.org. As always, Integrity360 Managed Security Service customers will already be covered through our proactive security approach.