A new vulnerability has been disclosed pertaining to Remote Desktop Gateway (RD Gateway, the role that proxies RDP connections from the Internet to internal hosts).
Servers affected: Windows Server 2012, 2012 R2, 2016 and 2019.
Microsoft released fixes for two vulnerabilities, CVE-2020-0609 and CVE-2020-0610, on 14 January 2020 (13 days before this post). Either one allows an unauthenticated attacker who can reach the gateway to execute arbitrary code on it, i.e. pre-authentication RCE. Proof-of-concept code is already on GitHub (a scanner and a denial-of-service PoC, not a public RCE exploit), and a video of a working exploit has been posted on Twitter. The pair has been nicknamed "BlueGate", a play on BlueKeep (CVE-2019-0708), the earlier pre-authentication RCE in the RDP service itself.
The bugs are in the part of RD Gateway that handles its UDP transport (UDP 3391 by default). The HTTP and HTTPS transports, which RD Gateway also supports, appear to be unaffected, so an attacker needs to be able to reach the UDP transport to exploit this.
Quote: “In his own blog post, Hutchins explained that the vulnerabilities affect the RD Gateway code responsible for handling UDP. RD Gateway also supports HTTP and HTTPS, and disabling UDP or firewalling the associated UDP port should be enough to prevent exploitation in the case of users who are unable to immediately install Microsoft’s patches.”
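The interim mitigation in the quote above, disabling or firewalling the UDP transport until the patch is on, can be checked and applied from an elevated PowerShell session on the gateway. The script below is an added example and is not part of the original post or of any of the linked PoCs. It assumes the RD Gateway role is installed (service name TSGateway) and that the UDP transport is on its default port, 3391/UDP; if the port was changed in RD Gateway Manager, adjust $UdpPort.

```powershell
# Added example (not from the original post): audit whether this RD Gateway host exposes the
# UDP transport and, if so, block it at the host firewall until the January 2020 patch is applied.
# Assumptions: RD Gateway role installed (service TSGateway), UDP transport on the default 3391/UDP.
# Run in an elevated PowerShell session on the gateway itself.

$UdpPort = 3391   # RD Gateway default UDP transport port; change if it was customised

# 1. Is the RD Gateway service even present?
$svc = Get-Service -Name TSGateway -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Host "RD Gateway service (TSGateway) is not installed on this host; nothing to do."
    return
}
Write-Host ("TSGateway service status: {0}" -f $svc.Status)

# 2. Is anything actually bound to the UDP transport port?
#    Get-NetUDPEndpoint (NetTCPIP module, Server 2012 and later) lists UDP listeners with their owning PID.
$udp = Get-NetUDPEndpoint -LocalPort $UdpPort -ErrorAction SilentlyContinue
if ($udp) {
    $owners = $udp | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    }
    Write-Warning ("UDP {0} is listening (owning process: {1}); UDP transport is exposed." -f $UdpPort, ($owners -join ', '))
} else {
    Write-Host ("Nothing is listening on UDP {0}; the UDP transport appears to be disabled." -f $UdpPort)
}

# 3. Block inbound UDP to that port at the host firewall (idempotent: skip if the rule already exists).
#    Windows Firewall evaluates Block rules before Allow rules, so this overrides the role's own allow rule.
$ruleName = "Block RD Gateway UDP transport (CVE-2020-0609/0610 mitigation)"
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol UDP `
        -LocalPort $UdpPort -Action Block -Profile Any | Out-Null
    Write-Host ("Created inbound block rule for UDP {0}." -f $UdpPort)
} else {
    Write-Host "Block rule already present; nothing changed."
}
```

Blocking UDP 3391 does not break remote access: RDP clients that cannot establish the UDP transport fall back to the HTTP/HTTPS transport over TCP 443, which is not affected by these two CVEs. Block the same port on the perimeter firewall as well, since this rule only protects the host it runs on. Once the January 2020 update is installed, the rule can be removed with `Remove-NetFirewallRule -DisplayName $ruleName` (or the UDP transport can be turned off permanently under Transport Settings in RD Gateway Manager if it is not needed).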
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610
Article: https://www.securityweek.com/poc-exploits-created-recently-patched-bluegate-windows-server-flaws
PoC: https://github.com/ollypwn/BlueGate
PoC: https://github.com/MalwareTech/RDGScanner
Twitter Video: https://twitter.com/layle_ctf/status/1221514332049113095
Edit: Fixed the title as well as some encoding issues. Thank you David for pointing these out!