Author Topic: CVE-2020-0609 and 2020-0610  (Read 2297 times)

0 Members and 1 Guest are viewing this topic.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
CVE-2020-0609 and 2020-0610
« on: January 29, 2020, 02:40:03 PM »
A new vulnerability has been disclosed pertaining to Remote Desktop Gatewat (RD Gateway, think RDP)

Servers Affected: 2012, 2012 R2, 2016 and 2019.

There was a new vulnerability released 13 days ago by Microsoft, CVE-2020-0609 and 0610. The vulnerability causes an unauthenticated user the ability to execute code on a remote system. Two proof of concepts (a DOS attack) have been released to Github already, with a functional exploit video on Twitter. The exploit has been nicknamed "BlueGate", a play of BlueKeep, a vulnerability in the RDP that also allowed RCEs.

The exploit relies on a mishandling in the section of code that handles UDP for RDG. HTTP and HTTPS (which are also supported by RD) appear to be safe from exploit.

Quote: "In his own blog post, Hutchins explained that the vulnerabilities affect the RD Gateway code responsible for handling UDP. RD Gateway also supports HTTP and HTTPS, and disabling UDP or firewalling the associated UDP port should be enough to prevent exploitation in the case of users who are unable to immediately install Microsoft's patches."

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610

Article: https://www.securityweek.com/poc-exploits-created-recently-patched-bluegate-windows-server-flaws

PoC: https://github.com/ollypwn/BlueGate
PoC: https://github.com/MalwareTech/RDGScanner

Twitter Video: https://twitter.com/layle_ctf/status/1221514332049113095


Edit: Fixed the title as well as some encoding issues. Thank-you David for pointing these out!
« Last Edit: January 30, 2020, 12:42:16 AM by Michael (alan1998) »
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89221
  • No support PMs thanks
Re: CE-2020-0609 and 2020-0610
« Reply #1 on: January 29, 2020, 05:08:36 PM »
A little typo perhaps, should your topic title not be CVE-2020-0609 and 2020-0610
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: CE-2020-0609 and 2020-0610
« Reply #2 on: January 30, 2020, 12:40:52 AM »
A little typo perhaps, should your topic title not be CVE-2020-0609 and 2020-0610

Indeed it should be. Edited the title as well as fixed some encoding errors (apostrophes and double quotes). This was originally sent to my coworkers and copied here for you guys to see as well.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.