Weekly Comments

21 - 28 January 2020

A security researcher has released a proof-of-concept to exploit two critical Remote Desktop Gateway vulnerabilities patched during Microsoft Patch Tuesday for January 2020.

A security researcher has released a proof-of-concept (PoC) exploit for two critical Remote Desktop Gateway (RDG) vulnerabilities (CVE-2020-0609 and CVE-2020-0610) patched in Microsoft's January 2020 Patch Tuesday release. The PoC causes a denial of service (the gateway service crashes) on unpatched systems by sending specially crafted UDP packets to port 3391, the port used by the gateway's UDP transport. It requires no authentication and no user interaction, so any unpatched gateway reachable on that port can be knocked offline. The underlying flaws are memory-corruption bugs in the reassembly of fragmented UDP messages, and it is believed the exploit can be developed further into remote code execution (RCE) on vulnerable servers: Windows Server 2012, 2012 R2, 2016 and 2019. Organisations exposing RDG to the Internet should apply the January Microsoft security update. Where that cannot be done immediately, disable the gateway's UDP transport or block UDP port 3391 at the firewall if it is not needed; RDP-over-HTTPS on TCP 443 continues to work without it, at some cost in performance.
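The mitigation above, as a posture check an administrator can run on the gateway itself. This is an added example, not code from the bulletin or from the BlueGate PoC: it reports whether the RDS-Gateway role is present, whether anything is bound to UDP 3391, whether a given cumulative update is installed, and can add an inbound block rule for UDP 3391 as a stop-gap. The -PatchKB value is an assumption you must supply (the KB number of the January 2020 cumulative update for the host's OS build, taken from the Microsoft advisory for CVE-2020-0609/0610); none is hard-coded here.

```powershell
# Added example (not from the Ensign bulletin or the BlueGate PoC).
# Run elevated on the RD Gateway host.
# ASSUMPTION: -PatchKB is the KB identifier of the January 2020 cumulative update
# for this host's OS build, looked up from the Microsoft advisory; it is not known here.
param(
    [Parameter(Mandatory = $true)][string]$PatchKB,   # e.g. the KB from the CVE-2020-0609/0610 advisory
    [switch]$BlockUdp                                 # add the host-firewall block rule when set
)

$role = Get-WindowsFeature -Name RDS-Gateway -ErrorAction SilentlyContinue
if (-not $role -or -not $role.Installed) {
    Write-Output 'RDS-Gateway role not installed; CVE-2020-0609/0610 do not apply to this host.'
    return
}

# RD Gateway's UDP transport listens on 3391; anything bound here is the surface the PoC hits.
$udp = Get-NetUDPEndpoint -LocalPort 3391 -ErrorAction SilentlyContinue
if ($udp) {
    $owners = ($udp | Select-Object -ExpandProperty OwningProcess -Unique) -join ','
    Write-Output "UDP 3391 is bound (owning PID(s): $owners); an unpatched host is reachable by the PoC."
} else {
    Write-Output 'Nothing bound to UDP 3391; UDP transport appears to be disabled.'
}

$patched = Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue
if ($patched) {
    Write-Output "$PatchKB installed on $($patched.InstalledOn): January 2020 fix is present."
} else {
    Write-Output "$PatchKB not found: treat this host as unpatched."
    if ($BlockUdp) {
        # Stop-gap until the update is applied: drop inbound UDP 3391 at the host firewall.
        # Clients fall back to RDP-over-HTTPS on TCP 443, so the gateway stays usable.
        New-NetFirewallRule -DisplayName 'Block RD Gateway UDP 3391 (CVE-2020-0609/0610)' `
            -Direction Inbound -Protocol UDP -LocalPort 3391 -Action Block -Profile Any | Out-Null
        Write-Output 'Inbound UDP 3391 is now blocked by Windows Firewall.'
    }
}
```

Get-HotFix only lists updates that register as hotfixes, so a host patched by other means may still report "not found"; confirm against the build number before treating it as unpatched. The firewall rule is a host-level stop-gap and does not replace the update: the vulnerable code is still present and reachable from any network segment the rule does not cover.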

Separately, Microsoft has not yet released a patch for the zero-day RCE vulnerability in the legacy JScript scripting engine (jscript.dll) used by Internet Explorer 9, 10 and 11 (CVE-2020-0674). Attacks exploiting the flaw have been observed in the wild: a malicious web page can execute arbitrary code in the context of the current user. Microsoft's published workaround restricts access to jscript.dll system-wide, but doing so has side effects such as reduced functionality in Windows Media Player, System File Checker and proxy auto-configuration (PAC) scripts. A third-party provider, 0patch, has released a micropatch for IE11 that disables the vulnerable jscript.dll for Internet Explorer only, avoiding those side effects. Organisations that use IE9 or later and are concerned about targeted attacks against critical Windows servers may choose to apply the micropatch until the official Microsoft patch is available; as a third-party modification to a system DLL, it should be tested and tracked like any other change.
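Before choosing between the system-wide workaround and the micropatch, it helps to know which hosts already have the access restriction on jscript.dll in place. The following inventory check is an added example, not code from the bulletin, Microsoft or 0patch: it reports the installed IE version, the jscript.dll file version, and whether an Everyone deny ACE (the footprint of Microsoft's published workaround) is present on each copy of the DLL. It only reads state and changes nothing. The function name Get-JScriptMitigationState is this example's own.

```powershell
# Added example (not from the Ensign bulletin, Microsoft or 0patch).
# Reports the state of the jscript.dll access restriction used as the
# interim workaround for CVE-2020-0674. Read-only; no ACLs are modified.
function Get-JScriptMitigationState {
    $ie = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
    # svcVersion carries the real version on IE10/11; older builds only have Version.
    $ieVersion = if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }

    # Both copies matter on 64-bit Windows: 32-bit IE processes load the SysWOW64 copy.
    $paths = @("$env:windir\System32\jscript.dll")
    if ([Environment]::Is64BitOperatingSystem) { $paths += "$env:windir\SysWOW64\jscript.dll" }

    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $acl = Get-Acl -Path $p
        # The workaround shows up as a Deny ACE for Everyone. Compare by well-known SID
        # (S-1-1-0) rather than by name so the check works on localised Windows builds.
        $denied = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and $(
                try { $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq 'S-1-1-0' }
                catch { $false }
            )
        }
        [pscustomobject]@{
            Host         = $env:COMPUTERNAME
            IEVersion    = $ieVersion
            Path         = $p
            FileVersion  = (Get-Item $p).VersionInfo.ProductVersion
            EveryoneDeny = [bool]$denied
        }
    }
}

Get-JScriptMitigationState | Format-Table -AutoSize
```

A host showing EveryoneDeny = True has the system-wide workaround applied and will exhibit the Windows Media Player, SFC and PAC side effects described above; one showing False with a vulnerable file version and no micropatch in place is the exposed case. The check says nothing about whether the 0patch agent is present, so record that separately.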

References:

RDP to RCE: When Fragmentation Goes Wrong (Kryptos Logic blog)

ollypwn/BlueGate (GitHub, proof-of-concept exploit)

Micropatching a Workaround for CVE-2020-0674 (0patch blog)
