RCE exploit shows that Windows RDG is still vulnerable

Don Sharpe
by Don Sharpe
Author
Loading Comments
Download PDF

Remote PC hacker

“Windows kernel hacker” Luca Marcelli has published a video on Tweeter demonstrating his successful breaching of Windows Remote Desktop Gateway (RDG) by remote code execution (RCE).

The hack takes advantage of two Windows server security vulnerabilities about which Microsoft has already alerted users.

There are security updates for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities, but just in case you’re having second thoughts about using them, this hacker has just shown how real the threat to your system is.

Hackers can remotely manipulate your system and data

In any case, Microsoft hasn’t suggested another effective way to handle the issue, so patching seems to be the only way to keep your Windows PC safe from the threat for now.

Luca recommends disabling UDP traffic for the RDG to thwart an RCE attack like the one he just demonstrated.

Organizations use Windows RDG to let their employees remotely connect to the company’s IT resources via any device with a remote desktop client application. Such a connection should generally be secure and hack-proof, especially if it incorporates multi-factor authentication.

But in an RCE attack that exploits Windows RDG security weaknesses, a hacker doesn’t have to submit the correct user credentials to access company files. That’s because the attack takes place before the activation of authentication protocols.

Patching your system is the only way to stay safe

The RDG itself gives the intruder the prerequisite remote access, so they don’t even have to be physically there to execute their malicious code. Worse still, the intrusion is stealth, seeing as the “specially crafted requests” to the target system or device require no user interactions to get through.

Microsoft says that a successful exploit of this vulnerability could enable a hacker to deploy new programs or view/ alter data. Organizations holding sensitive personal information wouldn’t want to take that risk, especially against the backdrop of more stringent data protection regulations worldwide.

The Windows operating system maker has, in the past, identified other Remote Desktop Protocol (RDP) vulnerabilities that may be worth your attention. There are fixes for these bugs too. To be on the safe side, consider keeping pace with the latest Patch Tuesday updates.