Re: .NET 4.0.30319
I think, my point still stands. I just checked the CVE database with a few searches (queried ‘Cisco ASA’, ‘Microsoft RDP’, ‘Microsoft Remote Desktop’, ‘Microsoft Terminal Server’ and the results for Cisco for 2019 were 28 and for MS the last CVE was from 2017.
Also, the RDS server can be configured just as easily with certificates and 2FA (Who doesn’t remember our RSA tokens which generated a new code every x seconds?).
And that should be the way to configure it when you’d expose 3389 directly to the internet. But just stating that it is unsafer to expose 3389 to the www, instead of a VPN port is incorrect I think.
Ofcourse I don’t expose 3389 to the outer world and we use a VPN solution for our users. Seeing the CVE list, we might ask ourselves if it isn’t safer even.