Microsoft had a particularly important Patch Tuesday this week. Not only were flaws found in the CryptoAPI library, but arguably more severe flaws were found with the Remote Desktop Client and Gateway that allow for unauthenticated remote code execution. CVE-2020-0609 and CVE-2020-0610 affect Remote Desktop Gateway. Microsoft stated that “A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction.” All supported versions of Windows Server are vulnerable without the released patch. Windows Remote Desktop Client gets its own CVE as well. If an attacker can convince someone to connect to a malicious server through social engineering, man-in-the-middle attacks, compromising a legitimate server, etc., CVE-2020-0611 can also allow for remote code execution.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.