BlueGate

A PoC has been released for the critical remote code execution vulnerabilities tracked as CVE-2020-0609 and CVE-2020-0610. The vulnerabilities allow a remote attacker to connect to the system through RDP and send a malicious request.

Microsoft released security updates for the vulnerabilities as part of the January Patch Tuesday, released on January 14th.

PoC Released – BlueGate

A Dutch-based security researcher with the Twitter handle ollypwn released a PoC DoS exploit and scanner for the vulnerabilities.

The vulnerability can be exploited by attackers without any user interaction; successful exploitation allows an attacker to execute arbitrary code on the target systems.

By gaining access to the system, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The vulnerability affects Remote Desktop Gateway on Windows Server (2012, 2012 R2, 2016, and 2019) devices.

He named the PoC BlueGate; it includes a scanner and a DoS exploit. The tool can be downloaded from GitHub.

To run a scan

BlueGate.py [-h] -M {check,dos} [-P PORT] host

Marcus Hutchins, a MalwareTech researcher, also released a scanner to check an RDP Gateway Server for the vulnerabilities CVE-2020-0609 and CVE-2020-0610.

To run a scan

python3 RDGScanner.py  

The tool can be downloaded from GitHub.

Mitigation Suggested

Marcus Hutchins suggested disabling UDP Transport or firewalling the UDP port to prevent exploitation, as the vulnerability exists only in the code handling UDP.
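
One way to apply the firewalling option on the gateway itself, as an added example that is not from the article or from either researcher's tooling. It assumes the RD Gateway UDP transport is on its default port, UDP 3391, and uses a hypothetical rule name; adjust both for your environment.

```powershell
# Added example: audit and block the RD Gateway UDP transport port.
# Assumption: UDP transport listens on the default port 3391; change $Port if yours differs.
# Run in an elevated PowerShell session on the RD Gateway server.
$Port     = 3391
$RuleName = 'Block RD Gateway UDP transport'   # hypothetical rule name

# 1. Is anything bound to the UDP transport port?
$listeners = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
if ($listeners) {
    $listeners | ForEach-Object {
        "UDP listener present on {0}:{1}" -f $_.LocalAddress, $_.LocalPort
    }
} else {
    "No UDP listener on port $Port."
}

# 2. Which enabled inbound allow rules name this port explicitly?
#    (Exact-port match only; rules using ranges or 'Any' are not reported here.)
$allowing = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'UDP' -and ($filter.LocalPort -contains "$Port")
    }
foreach ($rule in $allowing) {
    "Inbound allow rule covers UDP ${Port}: $($rule.DisplayName)"
}

# 3. Add an explicit block rule if it is not already there.
#    In Windows Defender Firewall a block rule takes precedence over allow rules.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol UDP `
        -LocalPort $Port -Action Block -Profile Any | Out-Null
    "Created inbound block rule '$RuleName' for UDP $Port."
} else {
    "Block rule '$RuleName' already exists."
}
```

Clients fall back to the HTTPS transport once UDP is blocked, so the block rule can stay in place until the January updates are installed.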

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.