• Patch Lady – forget that crypto one, worry about this one

    Posted on January 14, 2020 at 21:41 CST by Comment in the Forums

    If you are a IT consultant or admin with an Essentials 2012 (or later) server, or use the RDgateway role and expose it over port 443 to allow users to gain access to RDweb or their desktops, forget that crypt32.dll bug.  This one is one to worry about.

    Impacts 2012 and above – so no impact to SBS 2011 or SBS 2008, yes to Essentials 2012 and higher.

    Essentials 2012 exposes RDgateway over port 443 and 3389 is not open to the web (well, not normally) but given that this is a pre-authentication exploit, all an attacker has to do is to throw that crafted request to port 443 rather than 3389 (assuming I’m reading this right).

    So if you patch SMB servers that use RDgateway, worry about patching those servers this time faster than you would normally do.

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609

    A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems RD Gateway via RDP.

    (edit:  for anyone asking, 2008 R2 is not vulnerable and thus SBS 2011 is not vulnerable.  It’s only vulnerable on Server 2012 and later, remember SBS 2011’s base operating system drops out of support today)

    Small Business Computing, Windows Patches/Security, Windows Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.