⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2020-0609 — Improper Input Validation in Microsoft Windows Server
Severity
9.8CRITICALNVD
EPSS
89.8%
top 0.43%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJan 14
Latest updateApr 16
Description
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages6 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-73x6-v3m8-f299: A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target sy↗2022-05-24
GHSA▶
GHSA-rfqr-xr33-6qpg: A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target sy↗2022-05-24
💥Exploits & PoCs
2📋Vendor Advisories
1Microsoft
▶
🕵️Threat Intelligence
16Tenable▶
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help↗2022-03-24
📄Research Papers
1arXiv▶
CyLens: Towards Reinventing Cyber Threat Intelligence in the Paradigm of Agentic Large Language Models↗2025-04-16