
Windows 10 RDP error: CredSSP encryption oracle remediation

If you don't use Remote Desktop every day, you may not know about a problem that recently appeared after installing the Windows 10 security update KB4103727. You may notice that a Remote Desktop connection to a production server suddenly fails with this message:

An authentication error has occurred, the function requested is not supported. Remote desktop <your rdp server> This could be due to CredSSP encryption oracle remediation.

On March 13, 2018, Microsoft released an update for the CredSSP authentication protocol, and all Remote Desktop clients that installed the update are affected by this patch.

The fix for CVE-2018-0886 consists of installing an update on both the client and the server (Windows Server), and using Group Policy or registry settings to configure the option on both clients and servers.

KB4103727 addresses an oracle attack (I'll explain oracle attacks in a different article).

These cumulative updates include the fix for the CredSSP encryption vulnerability:

May 8, 2018 – KB4103721 (OS Build 1803)
May 8, 2018 – KB4103727 (OS Build 1709)
May 8, 2018 – KB4103731 (OS Build 1703)
May 8, 2018 – KB4103723 (OS Build 1609 & Server 2016)

Once you install this patch on a vulnerable workstation and attempt to connect to an unpatched server, you will see the error message shown above after you type your account and password in the RDP session.

The cause of the error is the Security Update for Microsoft Windows KB4103727.

There are a few solutions:

  1. Client side:
    1. Uninstall these patches, but I think this is only a temporary solution, because if you continue to update Windows, the patches will be reinstalled.
  2. Server side:
    1. You do not need to uninstall the patches on the client side.
    2. Install KB4103723 on your server:
      1. You can download this KB for your server here.
      2. This 1.27 GB file needs to be downloaded and installed on your RDP server.
      3. Installation takes around 30-60 minutes, depending on your server's hardware specification.
      4. Restart twice.
    3. Go to gpedit.msc and set this configuration:
      1. You can find the setting under Computer Configuration >> Administrative Templates >> System >> Credentials Delegation >> Encryption Oracle Remediation. By default it is set to Not Configured.

Please note that:

  1. Disabled: your patched clients won't work
  2. Enabled:
    1. Force Updated Clients: only your patched clients work
    2. Mitigated: all your patched and unpatched clients work; if there is an oracle attack, Windows will alert you
    3. Vulnerable: all your patched and unpatched clients work; if there is an oracle attack, Windows will not alert you

The full matrix is in the Microsoft source (https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018).

The solution for now is: Enabled, Mitigated.
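
The Encryption Oracle Remediation policy is stored as a registry value, so it can be audited or set from PowerShell instead of gpedit.msc. This is an added example, not code from the original post: the registry path, the `AllowEncryptionOracle` value name and its 0/1/2 meanings are taken from the Microsoft article linked above, and the function names are hypothetical helpers.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
# Registry location and value meanings as documented in Microsoft's KB4093492 article.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }
# May 8, 2018 cumulative updates listed in this article.
$fixKbs = 'KB4103721', 'KB4103727', 'KB4103731', 'KB4103723'

# Hypothetical helper: returns the configured protection level by name,
# or 'Not Configured' when the registry value is absent.
function Get-CredSspOraclePolicy {
    $item = Get-ItemProperty -Path $key -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not Configured' }
    $value = [int]$item.AllowEncryptionOracle
    if ($levels.ContainsKey($value)) { return $levels[$value] }
    return "Unknown ($value)"
}

# Hypothetical helper: writes the protection level as a DWORD, creating the key if needed.
function Set-CredSspOraclePolicy {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Force Updated Clients', 'Mitigated', 'Vulnerable')]
        [string]$Level
    )
    $value = ($levels.GetEnumerator() | Where-Object { $_.Value -eq $Level }).Key
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name AllowEncryptionOracle -PropertyType DWord `
        -Value $value -Force | Out-Null
}

# Hypothetical helper: one-line status for this machine.
# An empty FixKbFound does not prove the machine is unpatched: later cumulative
# updates supersede these KBs and Get-HotFix only lists the package actually installed.
function Get-CredSspStatus {
    $found = Get-HotFix -Id $fixKbs -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Policy     = Get-CredSspOraclePolicy
        FixKbFound = ($found.HotFixID -join ', ')
    }
}

Get-CredSspStatus
# To apply the setting chosen in this article:
# Set-CredSspOraclePolicy -Level 'Mitigated'
```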

Author

Ronny
