Input validation error in Windows Server - CVE-2020-0609
Published: January 14, 2020 / Updated: July 1, 2021
Vulnerability identifier: #VU24291
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2020-0609
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Microsoft
Affected software:
Windows Server
Windows Server
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of requests sent to Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. A remote non-authenticated attacker can send specially crafted requests to the affected system and execute arbitrary code.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
How to mitigate CVE-2020-0609
Install update from vendor's website.