It's only a matter of time; find & patch your RD Gateway systems ASAP.
All the @shodanhq dorks I have to find them are below.
https://beta.shodan.io/search?query=http.html%3AtdDomainUserNameLabel …
https://beta.shodan.io/search?query=RDWeb …
https://beta.shodan.io/search?query=TSWAFeatureCheckCookie …
https://beta.shodan.io/search?query=path%3D%2FRDWeb%2F …
https://twitter.com/MalwareTechBlog/status/1217433253096779776 …
The vulnerability can still be triggered via TCP/443 though, right? That is, even though it's also listening on UDP/3391, that may not matter? I would assume that the latter is usually firewalled off anyway.
We've updated the CVE details for CVEs ending in 0609, 0610 and 0612 to include the network port details. Only UDP/3391 is vulnerable, TCP/443 is not nor is TCP/3389. https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0609 … https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0610 … https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0612 …
Just curious - How about RDS service? Seeing escalated 443 RPC over HTTPS scans since Tuesday, e.g. [Thu Jan 16 17:26:38.072296 2020] [core:error] [pid 7199] [client X.X.163.205:41846] AH00135: Invalid method in request RPC_IN_DATA /rpc/rpcproxy.dll?localhost:3388 HTTP/1.1
I'm not at liberty to disclose that level of detail, sorry!
Seems like such knowledge would help defenders understand their exposure, and not give attackers any/much net benefit.