Once both computers have the CredSSP patch installed, the error message will disappear. You can download and install the security update from following link:ĭownload CredSSP Patch for Remote Code Execution Vulnerability
To solve this problem, it is recommended to install the security patch in both computers (server and client). In other words, if the client computer has the security update installed but the server computer was not updated with the security update (or vice versa), the remote connection was unsuccessful and user received above mentioned error message. The patch updated CredSSP authentication protocol and Remote Desktop clients for all affected platforms.Īfter installing the update, patched clients were not able to communicate with unpatched servers. To patch this security risk, Microsoft released a security update addressing the vulnerability by correcting how CredSSP validates requests during the authentication process. So any application that depends on CredSSP for authentication was vulnerable to this type of attack. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. Recently Microsoft found that a remote code execution vulnerability (CVE-2018-0886: encryption oracle attack) exists in CredSSP versions. Actually RDP uses CredSSP (Credential Security Support Provider Protocol) which is an authentication provider that processes authentication requests for applications.
This issue occurs due to CredSSP Patch installed in server or client computer. If you use a 3rd party remote desktop client or server, you may also face above mentioned problem. This problem may occur in Windows 10, Windows 8/8.1, Windows 7, Windows Vista, Windows Server 2016, Server 2012 and Server 2008. The remote host offered version which is not permitted by Encryption Oracle Remediation. A CredSSP authentication to failed to negotiate a common protocol version.
0 kommentar(er)
