BACK

RDP Gateway Remote Code Execution Vulnerabilities

Remote Desktop Gateway (RDG), provides routing for Remote Desktop (RDP). Users firstly connect to the gateway for authentication. Once authentication is successful, the gateway then forwards the RDP traffic to the address specified by the user. Therefore, only the gateway will be exposed to the internet, minimalizing the chance of the RDP servers being targeted …

  • 29 Jan 2020
  • DigitalXRAID
< 1 min read
RDP Gateway Remote Code Execution Vulnerabilities

Remote Desktop Gateway (RDG), provides routing for Remote Desktop (RDP). Users firstly connect to the gateway for authentication. Once authentication is successful, the gateway then forwards the RDP traffic to the address specified by the user. Therefore, only the gateway will be exposed to the internet, minimalizing the chance of the RDP servers being targeted for attack.

In the January 2020 security update, Microsoft addressed two vulnerabilities in remote desktop gateway (RDG). Both bugs, CVE-2020-0609 and CVE-2020-0610, allow for pre-authentication remote code execution.

The vulnerability affects Remote Desktop Gateway on Windows Server (2012, 2012 R2, 2016, and 2019) devices.

These vulnerabilities can be exploited by attackers without any user interaction [and] if successful an attacker can execute arbitrary code on the target system.

Mitigations

It is essential that you apply the latest Windows security updates to the applicable devices, you can navigate to https://support.microsoft.com/en-gb/help/4027667/windows-10-update to find out more. If, for whatever reason you are unable to install this patch, there is still a method to prevent the exploitation of these vulnerabilities. RDG supports three protocols: HTTP, HTTPS, and UDP. The vulnerabilities mentioned only exist in the code responsible for handling UDP protocols. By disabling UDP Transport or firewalling the UDP port (usually port 3391) it is possible to protect your devices from these vulnerabilities.

Blog Details
  • 29 Jan 2020
  • DigitalXRAID

Newest Articles.

View all

Get a Quote

Click below and we’ll send you a quote as soon as possible.

quote-form-pattern
  • This field is for validation purposes and should be left unchanged.

Contact Us

Click below and we’ll send you a quote as soon as possible.

quote-form-pattern
  • This field is for validation purposes and should be left unchanged.

Step 1 of 4 - Let’s get started

25%
  • Thanks for your interest in working with us. Please complete the details below and we’ll get back to you as soon as possible.
Close ×
price-popup-pattern
Close ×
price-popup-pattern
Close ×

Step 1 of 3

33%
  • Cyber Essentials Basic Pass Guarantee - £750

    Your Details

price-popup-pattern
Close ×

Step 1 of 3

33%
  • Cyber Essentials Basic Pay Monthly - £79 pcm

    Your Details

price-popup-pattern
Close ×

Step 1 of 2

50%
  • Cyber Essentials Plus - Get a Quote

    Your Details

price-popup-pattern
Close ×

Get In Touch

  • This field is for validation purposes and should be left unchanged.
price-popup-pattern
Close ×

Get A Quote

  • This field is for validation purposes and should be left unchanged.
price-popup-pattern
Close ×
price-popup-pattern

Buy Cyber Essentials

price-popup-pattern