this vulnerability is pre authentication and requires no user interaction. an unauthenticated attacker can exploit this vulnerability by connecting to the target system using the remote desktop protocol (rdp) and sending specially crafted requests. A remote code execution vulnerability exists in windows remote desktop gateway (rd gateway). Like the previously fixed ‘bluekeep’ vulnerability ( cve 2019 0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction. this vulnerability is pre authentication and requires no user interaction.”, cve 2020 06 0610. According to microsoft, “a remote code execution vulnerability exists in windows remote desktop gateway (rd gateway) when an unauthenticated attacker connects to the target system using rdp and sends specially crafted requests. On 15 january 2020 (aedt), microsoft released security patches for three critical and one important vulnerabilities in the microsoft remote desktop client, remote desktop gateway and the windows operating system. the first of these is the rce (remote code execution) vulnerability against remote desktop gateway servers, which functions without requiring any working credentials. Currently, there are two large vulnerabilities in particular making their way around for remote desktop gateway servers and windows users.
0 Comments
Leave a Reply. |