These changes will require a reboot of the affected systems. We recommend that administrators apply the policy and set it to “Force updated clients” or “Mitigated” on client and server computers as soon as possible. Mitigation consists of installing the update on all eligible client and server operating systems and then using included Group Policy settings or registry-based equivalents to manage the setting options on the client and server computers. The initial March 13, 2018, release updates the CredSSP authentication protocol and the Remote Desktop clients for all affected platforms. This issue was addressed by correcting how CredSSP validates requests during the authentication process.
A remote code execution vulnerability ( CVE-2018-0886) exists in unpatched versions of CredSSP. This could be due to CredSSP encryption oracle remediation.įollow that link and it will tell you all you need to know to fix it and how to avoid it. The function requested is not supported Remote computer: The person trying to connect over RD Gateway get the following message:
The moment I saw the error message it rang home that this was a known and documented issue with CredSSP encryption oracle remediation, which is both preventable and fixable. I also got a call to ask for help with such an issue. In the past 12 hours I’ve seen the first mentions of people no longer being able to connect over RDP via a RD Gateway to their clients or servers.
0 kommentar(er)
