As the subject says, there is basically an open door in the way RD Gateway handles incoming packets.
Whether it is being exploited in the wild as of this writing is questionable.
That being said, this is a bad one folks.
Get those RD Gateway servers patched up.
Oh, and don’t forget to back up the server prior to running the patches.
We also suggest exporting certificates just in case there is a need to build a new RD Gateway server really quick!
Please use our slipstream DISM method to get the Windows Server images updated with the latest update so that this vulnerability is patched.
Happy patching. 😉
CVE-2020-0609 | Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
CVE-2020-0610 | Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
UPDATE: 2020-01-20: It turns out that UDP 3391 does indeed need to be published to the Internet to the RD Gateway server in order for this vulnerability to be exploited. We stand corrected as far as how we understood things to work.
It’s still important to patch though!
P.S. Anyone else having difficulty typing 2020? 😉
Microsoft High Availability MVP
Our Web Site
PowerShell and CMD Guides