scaveza
Product Team
5 years ago

Announcing a direct check plugin for CVE-2020-0609 and CVE-2020-0610 | Windows Remote Desktop Gateway (RD Gateway) remote code execution vulnerability

During the January 2020 Patch Tuesday release, CVE-2020-0609 and CVE-2020-0610 stood out as being a set of CVEs to carefully watch. According to the Microsoft Advisories for these CVEs, both are pre-authentication remote code execution vulnerabilities, which can be exploited when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.

Shortly after the release of these patches, a number of proof of concept (PoC) exploits were publicly released. While PoCs can be useful for auditing if a system is affected by a particular vulnerability, that same PoC could be used by malicious attackers. We strongly recommend patching as soon as possible to protect any affected systems.

In order for our customers to identify affected systems, our plugins team will publish authenticated plugins within hours of the Patch Tuesday patches being released by Microsoft. In some cases, there may be opportunities to directly test for a vulnerable host or to directly identify if a patch is missing in an unauthenticated scan. So today we are excited to announce plugin ID 133306.

This plugin can be used to check for systems that may be missing the patch and therefore affected by CVE-2020-0609, CVE-2020-0610, and CVE-2020-0612 (a denial of service vulnerability in Microsoft RD Gateway).

You can read more about our Patch Tuesday coverage in our blog here.
