CVE-2020-0609 and 2020-0610

A new vulnerability has been disclosed pertaining to Remote Desktop Gateway (RD Gateway, think RDP).

Servers Affected: 2012, 2012 R2, 2016 and 2019.

There was a new vulnerability released 13 days ago by Microsoft, CVE-2020-0609 and 0610. The vulnerability gives an unauthenticated user the ability to execute code on a remote system. Two proofs of concept (a DoS attack) have been released to GitHub already, with a functional exploit video on Twitter. The exploit has been nicknamed “BlueGate”, a play on BlueKeep, a vulnerability in RDP that also allowed RCEs.

The exploit relies on a mishandling in the section of code that handles UDP for RDG. HTTP and HTTPS (which are also supported by RD) appear to be safe from exploit.

Quote: “In his own blog post, Hutchins explained that the vulnerabilities affect the RD Gateway code responsible for handling UDP. RD Gateway also supports HTTP and HTTPS, and disabling UDP or firewalling the associated UDP port should be enough to prevent exploitation in the case of users who are unable to immediately install Microsoft’s patches.”

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610

Article: https://www.securityweek.com/poc-exploits-created-recently-patched-bluegate-windows-server-flaws

PoC: https://github.com/ollypwn/BlueGate
PoC: https://github.com/MalwareTech/RDGScanner

Twitter Video: https://twitter.com/layle_ctf/status/1221514332049113095

Edit: Fixed the title as well as some encoding issues. Thank you David for pointing these out!
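
The interim mitigation quoted above (firewalling the RD Gateway UDP port until the patches are installed), as an added example that is not part of the original post or Microsoft's guidance. It assumes the gateway uses the default UDP transport port 3391 and the default service name TSGateway; the rule name is a made-up label.

```powershell
#Requires -RunAsAdministrator
# Added example: host-level interim mitigation for CVE-2020-0609 / CVE-2020-0610.
# Assumptions: default RD Gateway UDP port (3391) and service name (TSGateway).
$UdpPort  = 3391
$RuleName = 'Block RD Gateway UDP (interim mitigation)'   # hypothetical label

# 1. Is this host an RD Gateway at all?
$svc = Get-Service -Name 'TSGateway' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output 'TSGateway service not found; this host is not an RD Gateway.'
    return
}
Write-Output "TSGateway service status: $($svc.Status)"

# 2. Is anything bound to the UDP transport port right now?
$listeners = Get-NetUDPEndpoint -LocalPort $UdpPort -ErrorAction SilentlyContinue
if ($listeners) {
    foreach ($l in $listeners) {
        Write-Output "UDP listener present on $($l.LocalAddress):$($l.LocalPort)"
    }
} else {
    Write-Output "No UDP listener on port $UdpPort (UDP transport may already be disabled)."
}

# 3. Add an inbound block rule once; re-running the script does not duplicate it.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol UDP `
        -LocalPort $UdpPort -Action Block -Profile Any | Out-Null
    Write-Output "Added inbound block rule for UDP $UdpPort."
} else {
    Write-Output 'Block rule already present.'
}

# 4. Show the rule and its port filter so the change can be verified and logged.
Get-NetFirewallRule -DisplayName $RuleName |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        Write-Output "$($_.DisplayName): enabled=$($_.Enabled) action=$($_.Action) $($pf.Protocol)/$($pf.LocalPort)"
    }
```

In Windows Firewall a block rule takes precedence over the allow rule created when the RD Gateway role is installed, and the HTTP/HTTPS transport is left untouched. Remove the rule with `Remove-NetFirewallRule -DisplayName` once the patches are installed.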

A little typo perhaps, should your topic title not be CVE-2020-0609 and 2020-0610?

Indeed it should be. Edited the title as well as fixed some encoding errors (apostrophes and double quotes). This was originally sent to my coworkers and copied here for you guys to see as well.