Windows Update Strikes again! - CredSSP Encryption Oracle Patch

Monday, May 14, 2018

WindowsPatching.png

Have you seen this error pop up when  you are attempting to RDP to a machine??

image

I ran into this over the weekend connecting to a customer’s environment.  This environment used a VPN connection and then RDP connections to various servers that I needed.  Each of them was throwing up this error when trying to connect to them! Based on email threads and twitter, it looks like this is bothering quite a few people/clients.  The fix thankfully is pretty easy. 

Microsoft put this blog post out on the 11th to address it :
https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/

The issue stems from a patch that went out that addressed the CredSSP vulnerability. (CVE-2018-0886).

The best way to solve this issue to to ensure bother client and destination have the latest patch installed so that RDP can be secure in it’s connections. 

If patching the client or server is not in the cards, the other easy fix is to apply this registry setting to temporarily bypass the check.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002


Once all servers and clients are patched, be sure to undo this setting.


As always, keep those servers patched and up to date but be sure to test.


- Carlo

Previous
Next Post »