CredSSP encryption oracle remediation


When we try to connect by RDP to Windows servers, we receive the message: “An authentication error has occurred”. This could be due to CredSSP encryption oracle remediation.

This happens with every version of Windows Server (2008, 2008 R2, 2012, 2016).

Some genius at Microsoft decided it would be a brilliant idea to block remote connections to Windows 2012R2 servers that were missing the March 2018 CredSSP patch, as long as your client was patched. This was supposedly to make it easier to remember to patch the servers. To add insult to injury, they even tried to blame Oracle for the mess.

According to 4093492, this “feature” was enabled on 2018-05-08. “By default, after this update is installed, patched clients cannot communicate with unpatched servers.” You can override this by creating a GPO and restarting all affected systems, but doing so would leave you permanently vulnerable to what is, in fact, a security issue. Furthermore, since a reboot is needed for the workaround, it is easier just to patch the servers, which was our initial plan.

 

To fix the Remote Desktop Protocol (RDP) authentication error linked to the CredSSP encryption oracle remediation on Windows OS, follow these steps:

  1. Update your Windows OS: Install Microsoft update KB4093120. Make sure both the local and remote computers have the latest Windows updates installed. Microsoft frequently releases security patches and updates to resolve known issues, including CredSSP-related vulnerabilities.
  2. Registry modification (for client-side):
    • Press Win + R on your keyboard to open the Run dialog box.
    • Type regedit and press Enter to open the Registry Editor.
    • Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
    • If the Parameters key is not present, you might have to create it.
    • Within the Parameters key, make a new DWORD value called AllowEncryptionOracle.
    • Set the value of AllowEncryptionOracle to 2 (in hexadecimal).
    • Restart your computer for the changes to take effect.

 

3. Alternatively, instead of following the steps above, you can create the registry value from Command Prompt or PowerShell:

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Then restart the computer.

 

4. On the client that has the CredSSP update installed, run gpedit.msc, and then browse to Computer Configuration > Administrative Templates > System > Credentials Delegation in the navigation pane. Change the Encryption Oracle Remediation policy to Enabled, and then change the Protection Level to Vulnerable.

5. This is another method we can use to resolve this issue:

  • On the server, go to “This PC” and right-click to open its Properties. This takes you to the following path:
  • Control Panel\All Control Panel Items\System
  • Click Remote
  • Uncheck “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”
  • Apply
  • Exit
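
The following read-only PowerShell audit is an added example, not part of the original post: it reports whether a machine still carries the workarounds from steps 2 to 5, so they can be reverted once the servers are patched. The function names are hypothetical, the value meanings follow Microsoft's KB4093492 guidance, and the NLA check reads only the local RDP-Tcp setting, not a value enforced through Group Policy.

```powershell
# Added example (read-only): report the state of the workarounds from steps 2-5.
# Value meanings per Microsoft KB4093492: 0 = Force Updated Clients,
# 1 = Mitigated, 2 = Vulnerable (what steps 2-4 set).
$credSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$rdpTcpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$levels     = @{ '0' = 'Force Updated Clients'; '1' = 'Mitigated'; '2' = 'Vulnerable' }

# Hypothetical helper: returns $null when the key or value is absent.
function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

# Hypothetical function name; run locally or through Invoke-Command.
function Get-CredSspWorkaroundState {
    $oracle = Get-RegistryDword -Path $credSspKey -Name 'AllowEncryptionOracle'
    $nla    = Get-RegistryDword -Path $rdpTcpKey  -Name 'UserAuthentication'

    if ($null -eq $oracle) {
        $level = 'Not configured (a patched system defaults to Mitigated)'
    } elseif ($levels.ContainsKey("$oracle")) {
        $level = $levels["$oracle"]
    } else {
        $level = "Unexpected value $oracle"
    }

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        AllowEncryptionOracle = $oracle
        ProtectionLevel       = $level
        # UserAuthentication = 1 means the NLA checkbox from step 5 is ticked.
        NlaRequired           = ($nla -eq 1)
        # True when either workaround is still in place and should be undone.
        RevertNeeded          = ($oracle -eq 2) -or ($nla -eq 0)
    }
}

Get-CredSspWorkaroundState | Format-List
```

A machine that reports RevertNeeded as True after the servers are patched still has the Vulnerable protection level or the relaxed NLA setting in place.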

 

Install the required patch for the respective OS to fix this issue.

| Release date | Product | Impact | Max Severity | Article | Download |
|---|---|---|---|---|---|
| Mar 13, 2018 | Windows Server, version 1909 (Server Core installation) | Remote Code Execution | Important | 4556799 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1909 for ARM64-based Systems | Remote Code Execution | Important | 4556799 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1909 for x64-based Systems | Remote Code Execution | Important | 4556799 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1909 for 32-bit Systems | Remote Code Execution | Important | 4556799 | Security Update |
| Mar 13, 2018 | Windows Server, version 1903 (Server Core installation) | Remote Code Execution | Important | 4556799 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1903 for ARM64-based Systems | Remote Code Execution | Important | 4556799 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1903 for x64-based Systems | Remote Code Execution | Important | 4556799 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1903 for 32-bit Systems | Remote Code Execution | Important | 4556799 | Security Update |
| Mar 13, 2018 | Windows Server 2019 (Server Core installation) | Remote Code Execution | Important | 4551853 | Security Update |
| Mar 13, 2018 | Windows Server 2019 | Remote Code Execution | Important | 4551853 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1809 for ARM64-based Systems | Remote Code Execution | Important | 4551853 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1809 for x64-based Systems | Remote Code Execution | Important | 4551853 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1809 for 32-bit Systems | Remote Code Execution | Important | 4551853 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1803 for x64-based Systems | Remote Code Execution | Important | 4103721 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1803 for 32-bit Systems | Remote Code Execution | Important | 4103721 | Security Update |
| Mar 13, 2018 | Windows Server, version 1803 (Server Core Installation) | Remote Code Execution | Important | 4103721 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1607 for x64-based Systems | Remote Code Execution | Important | 4103723 | Security Update |
| Mar 13, 2018 | Windows Server, version 1709 (Server Core Installation) | Remote Code Execution | Important | 4103727 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1709 for x64-based Systems | Remote Code Execution | Important | 4103727 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1709 for 32-bit Systems | Remote Code Execution | Important | 4103727 | Security Update |
| Mar 13, 2018 | Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 4103725 | Monthly Rollup |
| Mar 13, 2018 | Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 4103715 | Security Only |
| Mar 13, 2018 | Windows Server 2012 R2 | Remote Code Execution | Important | 4103725 | Monthly Rollup |
| Mar 13, 2018 | Windows Server 2012 R2 | Remote Code Execution | Important | 4103715 | Security Only |
| Mar 13, 2018 | Windows Server 2012 (Server Core installation) | Remote Code Execution | Important | 4103730 | Monthly Rollup |
| Mar 13, 2018 | Windows Server 2012 (Server Core installation) | Remote Code Execution | Important | 4103726 | Security Only |
| Mar 13, 2018 | Windows Server 2012 | Remote Code Execution | Important | 4103730 | Monthly Rollup |
| Mar 13, 2018 | Windows Server 2012 | Remote Code Execution | Important | 4103726 | Security Only |
| Mar 13, 2018 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 4103718 | Monthly Rollup |
| Mar 13, 2018 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 4103712 | Security Only |
| Mar 13, 2018 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 4103718 | Monthly Rollup |
| Mar 13, 2018 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 4103712 | Security Only |
| Mar 13, 2018 | Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | Remote Code Execution | Important | 4103718 | Monthly Rollup |
| Mar 13, 2018 | Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | Remote Code Execution | Important | 4103712 | Security Only |
| Mar 13, 2018 | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 4056564 | Security Update |
| Mar 13, 2018 | Windows Server 2008 for x64-based Systems Service Pack 2 | Remote Code Execution | Important | 4056564 | Security Update |
| Mar 13, 2018 | Windows Server 2008 for Itanium-Based Systems Service Pack 2 | Remote Code Execution | Important | 4056564 | Security Update |
| Mar 13, 2018 | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 4056564 | Security Update |
| Mar 13, 2018 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Remote Code Execution | Important | 4056564 | Security Update |
| Mar 13, 2018 | Windows RT 8.1 | Remote Code Execution | Important | 4103725 | Monthly Rollup |
| Mar 13, 2018 | Windows 8.1 for x64-based systems | Remote Code Execution | Important | 4103725 | Monthly Rollup |
| Mar 13, 2018 | Windows 8.1 for x64-based systems | Remote Code Execution | Important | 4103715 | Security Only |
| Mar 13, 2018 | Windows 8.1 for 32-bit systems | Remote Code Execution | Important | 4103725 | Monthly Rollup |
| Mar 13, 2018 | Windows 8.1 for 32-bit systems | Remote Code Execution | Important | 4103715 | Security Only |
| Mar 13, 2018 | Windows 7 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 4103718 | Monthly Rollup |
| Mar 13, 2018 | Windows 7 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 4103712 | Security Only |
| Mar 13, 2018 | Windows 7 for 32-bit Systems Service Pack 1 | Remote Code Execution | Important | 4103718 | Monthly Rollup |
| Mar 13, 2018 | Windows 7 for 32-bit Systems Service Pack 1 | Remote Code Execution | Important | 4103712 | Security Only |
| Mar 13, 2018 | Windows Server 2016 (Server Core installation) | Remote Code Execution | Important | 4103723 | Security Update |
| Mar 13, 2018 | Windows Server 2016 | Remote Code Execution | Important | 4103723 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1607 for 32-bit Systems | Remote Code Execution | Important | 4103723 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1511 for x64-based Systems | Remote Code Execution | Important | 4088779 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1511 for 32-bit Systems | Remote Code Execution | Important | 4088779 | Security Update |
| Mar 13, 2018 | Windows 10 for x64-based Systems | Remote Code Execution | Important | 4103716 | Security Update |
| Mar 13, 2018 | Windows 10 for 32-bit Systems | Remote Code Execution | Important | 4103716 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1703 for x64-based Systems | Remote Code Execution | Important | 4103731 | Security Update |
| Mar 13, 2018 | Windows 10 Version 1703 for 32-bit Systems | Remote Code Execution | Important | 4103731 | Security Update |
