Try our new Certificate Revocation List Check Tool
CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.
Category published:  WSUS   Click on the Category button to get more articles regarding that product.

KB4103727 RDP client/Server not patched workaround

Posted by admin on 30.05.2018

CredSSP updates for CVE-2018-0886


If you currently can’t logon to RDP and you have no timeline to patch both sides there is a workaround.

Notice that this does reopen the exploit in RDP. There is also a GPO which you can use to set central.

The workaround is a better solution that letting people update direct from Microsoft and bypassing internal

Patch structure like WSUS-Server. At the end customers get patches which they SHOULD not because some third party software in incompatible.


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters] “AllowEncryptionOracle”=dword:00000002

reg add “HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters” /f /v AllowEncryptionOracle /t REG_DWORD /d 2

Here is the FLOW this was integrated by Microsoft over months. Now if you or your server team did not install

Three months you end up in trouble currently and need the workaround we did mention above.



March 13, 2018

The initial March 13, 2018, release updates the CredSSP authentication protocol and the Remote Desktop clients for all affected platforms.

Mitigation consists of installing the update on all eligible client and server operating systems and then using included Group Policy settings or registry-based equivalents to manage the setting options on the client and server computers. We recommend that administrators apply the policy and set it to “Force updated clients” or “Mitigated” on client and server computers as soon as possible. These changes will require a reboot of the affected systems.

Pay close attention to Group Policy or registry settings pairs that result in “Blocked” interactions between clients and servers in the compatibility table later in this article.

April 17, 2018

The Remote Desktop Client (RDP) update update in KB 4093120 will enhance the error message that is presented when an updated client fails to connect to a server that has not been updated.

May 8, 2018

An update to change the default setting from Vulnerable to Mitigated.

Related Microsoft Knowledge Base numbers are listed in CVE-2018-0886.

By default, after this update is installed, patched clients cannot communicate with unpatched servers.

 Category published:  WSUS   Click on the Category button to get more articles regarding that product.