Microsoft May 2018 Security Update CredSSP Issue I have just patched some of my Windows Server 2016 servers with the new May 2018 KB, which fixes a CredSSP vulnerability, but at the same time creates an issue when trying to RDP from a non-patched system.

Active1 year, 1 month ago

After Windows Update, I get this error when trying to connect to a server using Remote Desktop Connection.

When read the link provided by error message, it seems because of an update at 2018/05/08:

May 8, 2018

An update to change the default setting from Vulnerable to Mitigated.

Related Microsoft Knowledge Base numbers are listed in CVE-2018-0886.

Is there a solution for this?

Peter Mortensen
8,53916 gold badges62 silver badges85 bronze badges
Pham X. BachPham X. Bach

Handbrake For Mac Stopped Working

9291 gold badge6 silver badges11 bronze badges

migrated from stackoverflow.comMay 10 '18 at 10:13

This question came from our site for professional and enthusiast programmers.

13 Answers

(Posted an answer on behalf of the question author).

As in some answers, the best solution for this error is to update both server and clients to version >= the 2018-05-08 update from Microsoft.

If you cannot update both of them (i.e. you can only update client or server) then you could apply one of the workarounds from the answers below, and change the configuration back ASAP so that you minimise the duration of the vulnerability introduced by the workaround.


ac19501

I found one solution. As described in the help link, I tried roll back from update 2018/05/08 by changing the value of this group policy:

  • Run gpedit.msc

  • Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

Outlook For Mac Stopped Working

Change it to Enable and in Protection level, change back to Vulnerable.

I am not sure if it may rollback any risk of an attacker exploiting my connection. I hope Microsoft will fix this soon so I could restore the setting to the recommend setting Mitigated.

Pham X. BachPham X. Bach
9291 gold badge6 silver badges11 bronze badges

Another way is install Microsoft Remote Desktop client from MS Store - https://www.microsoft.com/en-us/store/p/microsoft-remote-desktop/9wzdncrfj3ps

PavelPavel

This problem only happens in my Hyper-V VM, and remoting to physical machines is OK.

Go to This PC → System Settings → Advanced System Settings on the server and then I solved it by unchecking target VM 'allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)'.

Peter Mortensen
8,53916 gold badges62 silver badges85 bronze badges
au.twau.tw
Rdp For Mac Stopped Working Windows Update May 2018

Following ac19501's answer I have created two registry files to make this easier:

rdp_insecure_on.reg

rdp_insecure_off.reg

yann.kmmyann.kmm

Update on GPO example on print screen.

Based on the answer 'reg add 'HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemCredSSPParameters' /f /v AllowEncryptionOracle /t REG_DWORD /d 2'

Key Path: SoftwareMicrosoftWindowsCurrentVersionPoliciesSystemCredSSPParameters
Value Name: AllowEncryptionOracle
Value data: 2

Ramon LucasRamon Lucas

I came across the same issues. The better solution would be to update the machine you are connecting to instead of using Pham X Bach answer to lower security level.

However, if you cannot update the machine for some reason his workaround works.

Peter Mortensen
8,53916 gold badges62 silver badges85 bronze badges
gointern

You need to install a Windows Update for the server and all clients. To look for the update, go to https://portal.msrc.microsoft.com/en-us/security-guidance, then search for the 2018-0886 CVE and choose the Security Update for the version of Windows installed.

Alejandro

You need to update your Windows Server using Windows Update. All required patches will be installed. Then you can connect to your server via Remote Desktop again.

You need to install kb4103725

Read more at:https://support.microsoft.com/en-us/help/4103725/windows-81-update-kb4103725

Ali Shams

For servers, we can also change the setting via Remote PowerShell (assuming WinRM is enabled, etc...)

Now, if this setting is managed by a domain GPO, it's possible that it'll revert, so you need to check the GPOs. But for a quick fix, this works.

Reference: https://www.petri.com/disable-remote-desktop-network-level-authentication-using-powershell

Francisco XavierFrancisco Xavier

Another option if you have access to the command-line (we have an SSH server running on the box) is to run 'sconfig.cmd' from the command line. You get a menu like below:

Choose option 7, and turn it on for all clients, not just secure.

Once that's done, you can remote desktop in. It looks like for us the problem was our client systems got updated for the new security, but our server boxes were behind on updates. I'd suggest getting the updates and then turning this security setting back on.

MacPeter Mortensen
8,53916 gold badges62 silver badges85 bronze badges
BrentBrent

Uninstall:

  • For Windows 7 and 8.1: KB4103718 and/or KB4093114
  • For Windows 10: KB4103721 and/or KB4103727 server without updates

This update contains a patch for vulnerability CVE-2018-0886. On a non-patched server it lets them in without them.

Peter Mortensen
8,53916 gold badges62 silver badges85 bronze badges

Mp Navigator Ex For Mac Stopped Working

EXPYEXPY

Stopped Working Reddit

Not the answer you're looking for? Browse other questions tagged remote-desktop or ask your own question.

⇐ ⇐ Row Height Too High On Quicken 2018 For Mac
⇒ ⇒ Streaming Tv Trial For Mac 2018