Solving A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP) on Windows RDP

WORKAROUND

Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.

1. Open Group Policy Editor, by executing gpedit.msc

2. Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation

Run gpedit.msc and expand Administrative Templates

Expand System

Expand Credential Delegation

Edit Encryption Oracle Remediation

Select Enabled and change Production Level to Vulnerable

3. Run the command gpupdate /force to apply group policy settings.

4. Your remote desktop connection will be working fine now.

Src: https://www.netwoven.com/2018/05/15/solved-credssp-encryption-oracle-remediation/

Share

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.