“Windows kernel hacker” Luca Marcelli has published a video on Twitter demonstrating a successful remote code execution (RCE) exploit against Windows Remote Desktop Gateway (RDG).
The hack takes advantage of two Windows server security vulnerabilities about which Microsoft has already alerted users.
Security updates for CVE-2020-0609 and CVE-2020-0610 are already available, but if you are having second thoughts about installing them, this demonstration shows how real the threat to your system is.
Hackers can remotely manipulate your system and data
In any case, Microsoft hasn’t suggested another effective way to handle the issue, so patching seems to be the only way to keep your Windows PC safe from the threat for now.
Luca recommends disabling UDP traffic for the RDG to thwart an RCE attack like the one he just demonstrated.
If installing the update is not an option you should apply other measurements such as disabling UDP traffic. I'll wait a bit until people have had enough time to patch before releasing this to the public 🙂
— Luca Marcelli (@layle_ctf) January 26, 2020
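One way to apply the UDP mitigation described above on the RD Gateway host while the update is being rolled out, as an added example that is not part of the article and not Luca's code. It assumes the gateway's UDP transport uses its default port (3391); the rule name and the KB placeholder are choices made here, not values from the article.

```powershell
# Added example: block inbound UDP to the RD Gateway transport port as a stopgap
# until the update is installed. Assumes the default RDG UDP port (3391); run in an
# elevated PowerShell session on the RD Gateway server.

$RdgUdpPort = 3391
$RuleName   = "Block RDG UDP transport (CVE-2020-0609/0610 mitigation)"

# 1. Show whether anything is listening on the gateway's UDP port, so the state can
#    be compared before and after the change.
Write-Host "UDP listeners on port $RdgUdpPort before mitigation:"
Get-NetUDPEndpoint -LocalPort $RdgUdpPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. Add an inbound block rule unless one with this name already exists.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol UDP -LocalPort $RdgUdpPort `
        -Action Block -Profile Any -Enabled True | Out-Null
    Write-Host "Created firewall rule '$RuleName'."
} else {
    Write-Host "Firewall rule '$RuleName' already present."
}

# 3. Verify the rule is enabled and blocking.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action

# 4. Check whether the update is installed. The KB number depends on the OS build;
#    take it from the Microsoft advisory for your server (placeholder below).
$PatchKb = "KB<from-advisory>"
if (Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue) {
    Write-Host "$PatchKb is installed; the UDP block can be lifted after validation."
} else {
    Write-Warning "$PatchKb not found; keep the UDP block until the update is applied."
}
```

The firewall rule only stops traffic from reaching the listener; turning off UDP transport under the gateway's Transport Settings in RD Gateway Manager disables the listener itself and is the cleaner option where the console is available.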
Organizations use Windows RDG to let their employees remotely connect to the company’s IT resources via any device with a remote desktop client application. Such a connection should generally be secure and hack-proof, especially if it incorporates multi-factor authentication.
But in an RCE attack that exploits these Windows RDG security weaknesses, a hacker doesn’t have to submit valid user credentials to reach company files, because the flaw is triggered before authentication takes place.
Patching your system is the only way to stay safe
The RDG itself gives the intruder the prerequisite remote access, so they don’t have to be physically present to execute their malicious code. Worse still, the intrusion is stealthy, since the “specially crafted requests” sent to the target system or device require no user interaction to get through.
Microsoft says that a successful exploit of this vulnerability could enable a hacker to install programs or view or alter data. Organizations holding sensitive personal information wouldn’t want to take that risk, especially against the backdrop of increasingly stringent data protection regulations worldwide.
The Windows operating system maker has, in the past, identified other Remote Desktop Protocol (RDP) vulnerabilities that may be worth your attention. There are fixes for these bugs too. To be on the safe side, consider keeping pace with the latest Patch Tuesday updates.