Microsoft had a particularly important Patch Tuesday this week. Not only were flaws found in the CryptoAPI library, but arguably more severe flaws were found in the Remote Desktop Client and Gateway that allow for unauthenticated remote code execution.

CVE-2020-0609 and CVE-2020-0610 affect Remote Desktop Gateway. Microsoft stated that “A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction.” All supported versions of Windows Server are vulnerable without the released patch.

Windows Remote Desktop Client gets its own CVE as well. If an attacker can get someone to connect to a malicious server, whether through social engineering, a man-in-the-middle attack, compromising a legitimate server, etc., CVE-2020-0611 can also allow for remote code execution.
Note: this post was originally shared on https://squiblydoo.blog/ by a member of the Binary Defense Team. In