11. Exercise Solution: Researching and Validating Findings
The company primarily uses Windows, but there are a few Apple devices as well. Last year the company started paying special attention to access security and put a privileged access management solution in place. In addition, to reduce risk, administrative rights have been removed from end-user devices, and Windows Remote Desktop Gateway (RD Gateway) has been disabled on all company systems through a group-managed security policy.
Solution
- Potential False Positive: CVE-2020-0609, Remote code execution
Thought process: This vulnerability exists in Windows Remote Desktop Gateway (RD Gateway). According to the context provided about the company, RDP is, or at least should be, disabled. This means that the finding could be a potential false positive. It's important to validate before accepting that hypothesis, because an alternative truth may be that, contrary to what the company believes, RDP really hasn't been disabled and the vulnerability is real.
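One way to carry out that validation on the hosts the scanner flagged, as an added example that is not part of the original exercise: it checks each host for the RD Gateway role service, the `TSGateway` service and a UDP listener on RD Gateway's default port, and keeps the finding open when a host cannot be reached. The host names are constructed placeholders, and the script assumes PowerShell remoting is enabled and that it is run with administrative rights on the targets.

```powershell
# Added example: validate a CVE-2020-0609 scanner finding host by host.
# $Targets holds constructed placeholder names; use the hosts from the scan report.
$Targets = @('SRV-EXAMPLE-01', 'SRV-EXAMPLE-02')

function Test-RDGatewayPresence {
    param([Parameter(Mandatory)][string]$ComputerName)

    Invoke-Command -ComputerName $ComputerName -ErrorAction Stop -ScriptBlock {
        # The role service only exists on Windows Server (ServerManager module).
        $feature = $null
        if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
            $feature = Get-WindowsFeature -Name 'RDS-Gateway'
        }
        # TSGateway is the Remote Desktop Gateway service.
        $service = Get-Service -Name 'TSGateway' -ErrorAction SilentlyContinue
        # UDP 3391 is RD Gateway's default UDP transport port.
        $udp = Get-NetUDPEndpoint -LocalPort 3391 -ErrorAction SilentlyContinue

        [pscustomobject]@{
            RoleInstalled = [bool]($feature -and $feature.Installed)
            ServiceStatus = if ($service) { "$($service.Status)" } else { 'NotPresent' }
            UdpListener   = [bool]$udp
        }
    }
}

$results = foreach ($t in $Targets) {
    try {
        $r = Test-RDGatewayPresence -ComputerName $t
        $verdict = if ($r.RoleInstalled -or $r.ServiceStatus -eq 'Running' -or $r.UdpListener) {
            'RD Gateway present: treat the finding as real and check the patch level'
        } elseif ($r.ServiceStatus -ne 'NotPresent') {
            'Service installed but not running: confirm policy prevents it from starting'
        } else {
            'No RD Gateway found: evidence supports a false positive'
        }
        [pscustomobject]@{ Computer = $t; Role = $r.RoleInstalled
                           Service = $r.ServiceStatus; Udp3391 = $r.UdpListener; Verdict = $verdict }
    } catch {
        # An unreachable host is not evidence of absence; the finding stays open.
        [pscustomobject]@{ Computer = $t; Role = $null; Service = $null
                           Udp3391 = $null; Verdict = "Unverified: $($_.Exception.Message)" }
    }
}
$results | Format-Table -AutoSize -Wrap
```

Record the per-host output alongside the finding so that a false-positive decision is backed by evidence rather than by the stated policy alone.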