Category published:  WSUS   Click on the Category button to get more articles regarding that product.

KB4103727 RDP client/Server not patched workaround

Posted by admin on 30.05.2018

CredSSP updates for CVE-2018-0886

 

If you currently can't log on via RDP and you have no timeline for patching both sides, there is a workaround.

Note that this reopens the vulnerability in RDP. There is also a GPO that you can use to set this centrally.

The workaround is a better solution than letting people update directly from Microsoft and bypassing an internal patch structure such as a WSUS server. In the end, customers get patches which they SHOULD not get, because some third-party software is incompatible.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002

reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2

 

https://blogs.technet.microsoft.com/askpfeplat/2018/05/07/credssp-rdp-and-raven/

https://support.microsoft.com/en-my/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
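
Because the workaround leaves the machine in the vulnerable state, it helps to track where it is active and to undo it once both sides are patched. The following PowerShell is an added example, not part of the original post or Microsoft's article; the function names are hypothetical, and the value meanings (0 = Force updated clients, 1 = Mitigated, 2 = Vulnerable) are those documented in KB 4093492.

```powershell
# Added example: audit and revert the CredSSP AllowEncryptionOracle workaround (local machine).
# Value meanings per KB 4093492: 0 = Force updated clients, 1 = Mitigated, 2 = Vulnerable.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$ValueName = 'AllowEncryptionOracle'

function Get-CredSspOracleState {            # hypothetical helper name
    [CmdletBinding()]
    param([string]$Path = $KeyPath, [string]$Name = $ValueName)

    $levels = @{ 0 = 'Force updated clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Key or value absent: no explicit policy, the installed update's default applies.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Value = $null
            State = 'NotConfigured'; WorkaroundActive = $false
        }
    }
    $value = [int]$item.$Name
    $state = if ($levels.ContainsKey($value)) { $levels[$value] } else { "Unknown ($value)" }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME; Value = $value
        State = $state; WorkaroundActive = ($value -eq 2)
    }
}

function Remove-CredSspWorkaround {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $KeyPath, [string]$Name = $ValueName)
    # Once client and server are both patched, set the value back to 1 (Mitigated).
    if ($PSCmdlet.ShouldProcess("$Path\$Name", 'Set to 1 (Mitigated)')) {
        Set-ItemProperty -Path $Path -Name $Name -Value 1 -Type DWord
    }
}

$result = Get-CredSspOracleState
$result | Format-List
if ($result.WorkaroundActive) {
    Write-Warning ("{0}: AllowEncryptionOracle=2 (Vulnerable). Patch both ends, " +
                   "then run Remove-CredSspWorkaround from an elevated session.") -f $result.Computer
}
```

Run `Remove-CredSspWorkaround -WhatIf` first to see what would change without writing to the registry.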

Here is the flow of how Microsoft integrated this over several months. If you or your server team did not install updates for three months, you are now in trouble and need the workaround mentioned above.

 

Updates

March 13, 2018

The initial March 13, 2018, release updates the CredSSP authentication protocol and the Remote Desktop clients for all affected platforms.

Mitigation consists of installing the update on all eligible client and server operating systems and then using included Group Policy settings or registry-based equivalents to manage the setting options on the client and server computers. We recommend that administrators apply the policy and set it to “Force updated clients” or “Mitigated” on client and server computers as soon as possible. These changes will require a reboot of the affected systems.

Pay close attention to Group Policy or registry settings pairs that result in “Blocked” interactions between clients and servers in the compatibility table later in this article.

April 17, 2018

The Remote Desktop Client (RDP) update in KB 4093120 will enhance the error message that is presented when an updated client fails to connect to a server that has not been updated.

May 8, 2018

An update to change the default setting from Vulnerable to Mitigated.

Related Microsoft Knowledge Base numbers are listed in CVE-2018-0886.

By default, after this update is installed, patched clients cannot communicate with unpatched servers.

