A security researcher has released a proof-of-concept (PoC) to exploit two critical Remote Desktop Gateway (RDG) vulnerabilities (CVE-2020-0609 and CVE-2020-0610) patched during Microsoft Patch Tuesday for January 2020. The PoC triggers a denial of service state on unpatched systems by sending specially crafted UDP packets on port 3391. The attack requires no authentication or user interaction. It is believed that the exploit may be improved to trigger remote code execution (RCE) on vulnerable servers including Windows Server 2012, 2012 R2, 2016 and 2019. To mitigate against potential attacks, organisations with RDG exposed over the Internet should close the UDP port 3391 if it is not used, or apply the January Microsoft security update.
Separately, Microsoft has not released a patch for the zero-day RCE vulnerability affecting Internet Explorer 9, 10 and 11 (CVE-2020-0674). Ongoing attacks targeting the flaw have been observed in the wild to execute arbitrary code in the context of the current user. A third-party solution provider, 0patch, has released a micropatch for IE11 that disable the vulnerable jscript.dll while avoiding negative side effects such as reduced functionality in Windows Media Player, System File Checker and Proxy automatic configuration scripts. Organisations using IE9 and above and have concerns on targeted attacks against critical Windows servers may choose to apply the micropatch before the official Microsoft patch is available.
References:Micropatching a Workaround for CVE-2020-0674
More Weekly Cyber Newsanalysis and insights
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Ensign Systems Integration
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services