Patch IMMEDIATELY! - Microsoft Remote Desktop Gateway Remote Code Execution Vulnerability (CVE-2020-0610)

January 14, 2020

Summary

*** Vulnerable RD Gateway servers should be patched IMMEDIATELY even where there is a potential business impact (unscheduled maintenance). Notify security@berkeley.edu if you anticipate any delays in patching. ***

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway). 

An unauthenticated attacker can exploit this vulnerability by connecting to the target system using the Remote Desktop Protocol (RDP) and sending specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. 

RD Gateway on Microsoft Windows Server 2012, 2012 R2, 2016, and 2019 is affected; a server is only exposed if the RD Gateway role service is actually installed on it. This vulnerability does not affect Windows desktop operating systems. [1]

Impact

An attacker who successfully exploits this vulnerability can execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. [1]

Vulnerable (where the RD Gateway role service is installed)

  • Microsoft Windows Server 2012

  • Microsoft Windows Server 2012 R2 

  • Microsoft Windows Server 2016

  • Microsoft Windows Server 2019

Recommendations

  • Patch vulnerable systems IMMEDIATELY.

  • Patching priority should first focus on Internet-facing RD Gateway servers, then Campus network-facing RD Gateway servers, and finally any other RD Gateway servers that are internal or restricted to trusted IP addresses. All vulnerable RD Gateway servers should be patched without delay.

  • Notify security@berkeley.edu if you anticipate any delays in patching.

  • There are no known workarounds for this vulnerability.
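The following PowerShell script is an added example for triaging hosts against the recommendations above; it is not part of the original advisory and is not Microsoft's code. It reports whether the RD Gateway role service is installed (if not, the host is not affected), where the gateway is listening (to help decide whether a server is Internet-facing, campus-facing or internal), and whether the January 14, 2020 security update is present. Assumptions: the KB number of the update for your OS version is taken from the MSRC advisory [1] and passed in as -KbId (with no KB given the script falls back to a weaker "any update installed on or after the release date" check), and the gateway uses its default listeners, HTTPS on TCP 443 and the UDP transport on 3391. Run it in an elevated PowerShell session on each server; a non-zero exit code means the host still needs patching.

```powershell
# Added example (not from the advisory): check one Windows Server host for CVE-2020-0610 exposure.
# Assumptions: -KbId is the January 2020 update's KB number for this OS, looked up in the
# MSRC advisory [1]; default RD Gateway ports are TCP 443 (HTTPS) and UDP 3391 (UDP transport).
param(
    # KB number of the January 14, 2020 security update for this server's OS version.
    # Leave empty to fall back to a date-based check (weaker, but needs no lookup).
    [string]$KbId = ''
)

$patchReleaseDate = Get-Date '2020-01-14'

# 1. Is the RD Gateway role service installed? If not, this CVE does not apply to the host.
$gateway = Get-WindowsFeature -Name RDS-Gateway
if (-not $gateway.Installed) {
    Write-Output 'RDS-Gateway role service not installed: this host is not affected by CVE-2020-0610.'
    exit 0
}

$os = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
Write-Output "RD Gateway is installed on: $os"

# 2. Where is the gateway listening? Use the bound addresses to place the server in the
#    Internet-facing / campus-facing / internal priority order from the recommendations.
#    Assumption: default listener ports; adjust if your deployment was customised.
Write-Output 'Listening endpoints (TCP 443 and UDP 3391 by default):'
Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
Get-NetUDPEndpoint -LocalPort 3391 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize

# 3. Is the fix present? Prefer the exact KB from the advisory; otherwise accept any
#    update installed on or after the release date, which is only an approximation.
if ($KbId) {
    $fix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
} else {
    $fix = Get-HotFix | Where-Object { $_.InstalledOn -ge $patchReleaseDate }
}

if ($fix) {
    $fix | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize
    Write-Output 'Security update found. Confirm no reboot is pending.'
    exit 0
}

Write-Output 'VULNERABLE: RD Gateway is installed and no January 2020 security update was found. Patch immediately.'
exit 2
```

Because the gateway's listening addresses and the update status are printed together, the output of this script from a fleet of servers can be sorted straight into the priority order in the recommendations: patch the hosts bound to public addresses first, then campus-routable ones, then the rest.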

References

[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610