Windows Remote Desktop Gateway vulnerability

24/01/2020
Lee Sanders

Lee Sanders

Founder of Computer Consultant Professionals and with over 20 years of industry experience, Lee specialises in tailored technology solutions that help businesses grow.

A vulnerability has recently been discovered in Windows Remote Desktop Gateway, which could leave you open to attacks. The vulnerability requires no user interaction and is pre-authentication. The attacker would be able to execute arbitrary code on your system. This means the attacker could install programs; view, change or delete data; or create new accounts with full user rights. An attacker only needs to send a specially crafted request to the correct service to exploit this vulnerability.

This vulnerability affects all Windows Server 2012 (or later) servers. Server Essentials 2012(R2) encourages and enables Remote Desktop Gateway usage by default, so it’s especially important to patch those.

While there are no known exploits using this vulnerability, it’s always better to be safe so we recommend applying the appropriate patch from this page quicker than you normally would.

Hot industry news & trends