Hacker demonstrates Remote Code Execution exploit for Windows Remote Desktop Gateway
A self-described "reverser/pwner [and] Windows kernel hacker" has demoed a working exploit for two recently discovered vulnerabilities in Windows Remote Desktop Gateway (RD Gateway).
The exploit takes advantage of the CVE-2020-0609 and CVE-2020-0610 vulnerabilities which have already been shown to make a denial of service attack possible. Now Luca Marcelli has shown how the same vulnerabilities can be exploited in a Remote Code Execution attack.
There are patches for the vulnerabilities -- which affect Windows Server -- but Marcelli acknowledges that not everyone will be able to install these immediately, or indeed at all. As such information about the exploit is a little thin, although a video showing it in action is available. Microsoft wrote about CVE-2020-0609 and CVE-2020-0610 recently, describing the vulnerabilities as Critical.