A remote code execution (RCE) exploit for Windows Remote Desktop Gateway (RD Gateway) was demoed by InfoGuard AG penetration tester Luca Marcelli. A proof-of-concept denial of service exploit was released by Danish security researcher Ollypwn on Friday for the same pair of flaws. The vulnerabilities previously dubbed BlueGate are both rated by Redmond as critical, and they were patched by Microsoft on January 14, as part of the January Patch Tuesday. Almost 20,000 of those servers with the 3391 UDP port open, the one used by RD Gateway’s UDP transport.
Source: https://www.bleepingcomputer.com/news/security/rce-exploit-for-windows-rdp-gateway-demoed-by-researcher/