CredSSP Encryption Oracle Remediation
Thanks to: https://www.netwoven.com/
2. RDP SESSION
An update released by Microsoft (KB 4093492)on May 8, 2018, for Windows 10 Operation System was targeted to change the default settings CredSSP from Vulnerable to Mitigated.
A full list of the update and patches for all platform can be obtained from here.
However, post patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols.
This has been reported to cause an error thrown by Windows RDP as below:3. WORKAROUND
Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.
1. Open Group Policy Editor, by executing gpedit.msc
2. Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation
Run gpedit.msc and expand Administrative TemplatesExpand SystemExpand Credential DelegationEdit Encryption Oracle RemediationSelect Enabled and change Production Level to Vulnerable3. Run the command gpupdate /force to apply group policy settings.
INTRODUCTION
A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.
CredSSP is an authentication provider which processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack.
As an example of how an attacker could exploit this vulnerability against Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process.
1. SCENARIO
2. RDP SESSION
An update released by Microsoft (KB 4093492)on May 8, 2018, for Windows 10 Operation System was targeted to change the default settings CredSSP from Vulnerable to Mitigated.
A full list of the update and patches for all platform can be obtained from here.
However, post patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols.
This has been reported to cause an error thrown by Windows RDP as below:3. WORKAROUND
Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.
1. Open Group Policy Editor, by executing gpedit.msc
2. Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation
Run gpedit.msc and expand Administrative TemplatesExpand SystemExpand Credential DelegationEdit Encryption Oracle RemediationSelect Enabled and change Production Level to Vulnerable3. Run the command gpupdate /force to apply group policy settings.
4. Your remote desktop connection will be working fine now.
METHOD 2: Using Registry Editor (regedit.exe)
If you are using Home edition of Windows, you'll not be able to run gpedit.msc command because this edition doesn't come with Group Policy Editor. But you can enable Group Policy Editor in this edition using this tutorial.
If you can't use or don't want to use Group Policy Editor, you can take help of Registry Editor for the same task. Just follow these simple steps:
1. Press WIN+R keys together to launch RUN dialog box. Now type regedit and press Enter. It'll open Registry Editor.
2. Now go to following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3. Create a new key under System key and set its name as CredSSP
4. Create another new key under CredSSP key and set its name as Parameters
5. Now select Parameters key and in right-side pane create a new DWORD AllowEncryptionOracle and set its value to 2
Restart your computer to take effect.
Now you'll be able to use remote connection between server and client without any issue.
PS: In future if you want to restore default settings, simply delete the DWORD created in above steps.
nice information
ResponderEliminarPlanning to go somewhere The Location
Tracker for the first time or moving to a new city or town, just update your maps and you are good to go hassle-free. Updating your GPS means you are going in the right direction for sure or you're not gonna get lost in your way. Just one step: The Location Tracker update