Microsoft CVE-2019-1181 released with a score of 9.8

Just making people aware that Microsoft have just released this critical CVE in the last few hours and it has a score of 9.8, allowing pre-authenticated remote code execution via the RDP protocol.
They also seem to suggest that it’s not just the service, but that the clients are vulnerable too, as the Mac and Android clients are also listed in their CVE. I haven’t read the full CVE yet, but wanted to give people a heads up on this due to the severity.

More details at:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1181

1 Like

This has been a rough year for Microsoft with those high-scoring CVEs :grimacing: Zerologon was so simple to exploit, only a few lines of code, and there are plenty of GitHub repos with proofs of concept, but at least with Zerologon it required them to be on the same local network unless they have SMB publicly exposed. This RDP one is much worse because so many people do have it exposed. Roughly 4 million RDP according to Shodan…

Wait… this is old and from 2019. There is just a revision to this that says to update the apps.

1 Like

Ah, that’s annoying. I didn’t spot that and yes, you’re right. It was first released 08/13/2019. Thanks Tom. I should have noticed it started 2019 and realised that. That’s what happens when you work all day until 1am and then get an email from Microsoft with that CVE.
Tad embarrassing

1 Like