The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

When you cannot RDP to a target because of “CredSSP-encryption Oracle remediation”: apply your target security patches.

Posted by jpluimers on 2018/06/29

If you get the below error, then your RDP target server needs to be patched.

You can choose to stay vulnerable and modify your policy or registry settings as explained in the first linked article below: that is a temporary “workaround” which I do not recommend. Please update your RDP target servers instead.

English:

[Window Title]
Remote Desktop Connection

[Content]
An authentication error has occurred.
The function requested is not supported

Remote computer: rdp.example.org
This could be due to CredSSP-encryption Oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

[OK]

Dutch:

[Window Title]
Verbinding met extern bureaublad

[Content]
Er is een verificatiefout opgetreden.
De aangevraagde functie wordt niet ondersteund

Externe computer: rdp.example.org
Dit kan zijn veroorzaakt door CredSSP-versleuteling voor Oracle-herstel.
Zie voor meer informatie https://go.microsoft.com/fwlink/?linkid=866660

[OK]

The link go.microsoft.com/fwlink/?linkid=866660 brings you to [WayBack] CredSSP updates for CVE-2018-0886

It affects these Windows versions:

Applies to: Windows Server 2016, Windows Server 2012 R2 Standard, Windows Server 2012 Standard, Windows 8.1, Windows 10, Windows 7, Windows 10 Version 1511, Windows 10 Version 1607, Windows 10 Version 1703, Windows 10 version 1709, Windows Server 2016, Windows Server 2008 R2 Standard, Windows Server 2008 Foundation, Windows Server 2008 Enterprise without Hyper-V, Windows Server 2008 Service Pack 2, Windows Server 2008 Datacenter, Windows Server 2008 for Itanium-Based Systems, Windows Server 2008 Datacenter without Hyper-V, Windows Server 2008 Enterprise, Windows Server 2016 Standard, Windows Server 2016 Essentials, Windows Server 2016 Datacenter, Windows Server Datacenter Core, Windows Server Standard Core, Windows Vista Service Pack 2, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Web Server 2008 R2, Windows 7 Enterprise, Windows 7 Ultimate, Windows 7 Starter, Windows 7 Home Premium, Windows 7 Professional, Windows 7 Home Basic, Windows Server 2008 R2 Foundation, Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1, Windows Server 2012 Essentials, Windows Server 2012 Datacenter, Windows Server 2012 Foundation, Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Essentials, Windows RT 8.1, Windows Server 2012 R2 Foundation, Windows 8.1 Pro, Windows 8.1 Enterprise, Windows Web Server 2008, Windows Server 2008 Standard

The initial patch was rolled out in March 2018, and the patch enforcing the use of the patches in May 2018, as per [Archive.is] CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability:

Revisions

| Version | Date | Description |
|---|---|---|
| 1.0 | 03/13/2018 | Information published. |
| 2.0 | 05/08/2018 | Microsoft is releasing new Windows security updates to address this CVE on May 8, 2018. The updates released in March did not enforce the new version of the Credential Security Support Provider protocol. These security updates do make the new version mandatory. For more information see “CredSSP updates for CVE-2018-0886” located at https://support.microsoft.com/en-us/help/4093492. |
| 3.0 | 05/18/2018 | In the Affected Products table, reverted the security update entries for Windows 10 Version 1511 back to the March security update (4088779) because a May 2018 update is not available for this version. See the FAQ section for more information about how to be protected from this vulnerability if you are running Windows 10 Version 1511. |
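
To find machines where the registry “workaround” mentioned above was applied and left in place, the following PowerShell audit reads the Encryption Oracle Remediation setting and flags the Vulnerable value. It is an added example, not part of the original post; the registry path and the meaning of the values 0, 1 and 2 are taken from Microsoft's KB4093492 article, and the function names are hypothetical.

```powershell
# Added example: audit the CredSSP "Encryption Oracle Remediation" setting.
# Registry path and value meanings are taken from Microsoft's KB4093492.
$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'

# Hypothetical helper: map the raw DWORD to the name used in the policy dialog.
function ConvertTo-OracleState {
    param($Value)
    if ($null -eq $Value) { return 'NotConfigured' }   # default of the installed update applies
    switch ([int]$Value) {
        0       { 'ForceUpdatedClients' }   # refuses fallback to unpatched peers
        1       { 'Mitigated' }             # client refuses unpatched servers
        2       { 'Vulnerable' }            # the workaround: unpatched servers are accepted
        default { "Unknown($Value)" }
    }
}

# Hypothetical helper: read the setting on the local machine and report it.
function Get-CredSspOracleSetting {
    $item = Get-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    $raw  = if ($item) { $item.AllowEncryptionOracle } else { $null }
    $state = ConvertTo-OracleState $raw
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        RawValue       = $raw
        State          = $state
        NeedsAttention = ($state -eq 'Vulnerable')
    }
}

# Report the local setting; NeedsAttention is True when the workaround is active.
Get-CredSspOracleSetting | Format-List
```

A result of `Vulnerable` means the machine was deliberately configured to keep talking to unpatched RDP targets; remove the value once those targets have been updated.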

Related:

–jeroen
