Microsoft Remote Desktop Gateway Multiple RCE Vulnerabilities (uncredentialed check)

critical Nessus Plugin ID 133306

Version 1.90

Sep 11, 2024, 5:35 PM

  • New (Detects QUIC servers running on the target. Implement a NASL QUIC library to support detection of HTTP/3 and possibly more)

Plugin Feed: 202409111735

Version 1.89

Sep 3, 2024, 11:47 PM

  • Logic Changes (additional data collection for runtime scanning. fixed logic bug causing potential false negatives. fixed logic bug causing potential false positives. fixed logic bug with potential to break cyberark logins)

Plugin Feed: 202409032347

Version 1.88

Aug 14, 2024, 8:33 PM

  • Logic Changes (Endianness fix in Kerberos authentication for SCAP scanning)

Plugin Feed: 202408142033

Version 1.87

Jul 17, 2024, 11:02 PM

  • Logic Changes

Plugin Feed: 202407172302

Version 1.86

May 20, 2024, 10:13 AM

  • Logic Changes

Plugin Feed: 202405201013

Version 1.85

Mar 28, 2024, 2:10 PM

  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C")
  • CVSSv2 score source (changed from "CVE-2020-0609" to "CVE-2020-0610")

Plugin Feed: 202403281410

Version 1.84

Mar 19, 2024, 6:40 PM

  • Logic Changes (Improving logging to reduce disk space usage)

Plugin Feed: 202403191840

Version 1.80

Jan 16, 2024, 8:55 PM

  • Logic Changes (Improving debug logging)

Plugin Feed: 202401162055

Version 1.79

Jan 16, 2024, 5:39 PM

  • Detection (Support privacy mode DCOM over Kerberos)
  • Logic Changes (Improving debug logging)

Plugin Feed: 202401161739

Version 1.78

Nov 14, 2023, 4:21 PM

  • Detection (Support SHA2 based encryption for Kerberos)

Plugin Feed: 202311141621

Version 1.76

Sep 26, 2023, 8:16 PM

  • Logic Changes

Plugin Feed: 202309262016

Version 1.73

Jul 24, 2023, 7:10 PM

  • Logic Changes (added debugging)

Plugin Feed: 202307241910

Version 1.72

Jul 17, 2023, 5:15 PM

  • Logic Changes (Make torture_cgi library PCP clean and consolidate utf16_to_ascii())

Plugin Feed: 202307171715

Version 1.71

Jul 10, 2023, 7:11 PM

  • Logic Changes (Restrict ClientHello ciphersuites by encapsulation)

Plugin Feed: 202307101911

Version 1.70

Jun 20, 2023, 9:07 PM

  • Logic Changes (Temporarily limit debug logging)

Plugin Feed: 202306202107

Version 1.68

Jun 1, 2023, 5:27 AM

  • Logic Changes (Better logging)

Plugin Feed: 202306010527

Version 1.66

May 16, 2023, 7:02 PM

  • Detection (Authenticate WMI/DCOM using Kerberos credentials.)

Plugin Feed: 202305161902

Version 1.64

May 1, 2023, 9:07 PM

  • Detection (Make and use compatibility wrapper for running commands on scanner localhost to handle deprecation of pread().)

Plugin Feed: 202305012107

Version 1.61

Apr 6, 2023, 6:58 PM

  • Detection (Add Kerberos debug logging)

Plugin Feed: 202304061858

Version 1.59

Mar 8, 2023, 1:05 AM

  • Logic Changes

Plugin Feed: 202303080105

* Changelogs are generally available for changes made after Nov 1, 2022