54244 Views
3 minutes read
Categories
Microsoft 365

[Solved] CredSSP Encryption Oracle Remediation

A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.

CredSSP is an authentication provider which processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack.

As an example of how an attacker could exploit this vulnerability against Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process.

1. SCENARIO

2. RDP SESSION

An update released by Microsoft (KB 4093492)on May 8, 2018, for Windows 10 Operation System was targeted to change the default settings CredSSP from Vulnerable to Mitigated.

A full list of the update and patches for all platform can be obtained from here.

However, post patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols.

This has been reported to cause an error thrown by Windows RDP as below:

[Solved] CredSSP Encryption Oracle Remediation

Discover a new world of sustainable, trusted cloud infrastructure with Modern Enterprise Data Center

3. WORKAROUND

Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.

1. Open Group Policy Editor, by executing gpedit.msc

2. Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation

Run gpedit.msc and expand Administrative Templates

Expand System

[Solved] CredSSP Encryption Oracle Remediation

Expand Credential Delegation

[Solved] CredSSP Encryption Oracle Remediation

Edit Encryption Oracle Remediation

[Solved] CredSSP Encryption Oracle Remediation

Select Enabled and change Production Level to Vulnerable

[Solved] CredSSP Encryption Oracle Remediation

3. Run the command gpupdate /force to apply group policy settings.

4. Your remote desktop connection will be working fine now.

CONCLUSION

This is just a workaround and defeats the purpose of the patching. However, we need to ensure that future updates are installed as and when released by Microsoft so that the vulnerability is not exposed.

Priyam Ghosh

About Priyam Ghosh

Priyam has around 3+ years of experience in IT Infrastructure domain. He has extensive background in Hardware and Networking for Windows. He possesses understanding in managing Windows Server, Active Directory environment, SQL server, IIS and has experience in Virtualization technology in servers, desktops and storage.

LinkedinTwitterFacebook

42 replies on “[Solved] CredSSP Encryption Oracle Remediation”

I’m working with;

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

I am no getting the option “oracle encryption remediation” at the given path, other than that all the options are here

Hi

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Please run this command in cmd for which comp you want to take RDP of other comp this will solve the problem.

hello
i tried all the things you said and the changes were done fine but i still am finding the very same error. how do i get it resolved ?

you can run this below command in the command prompt to achieve the same result,

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Thank you, Got worried after several attempt on connecting to RDP was abortive. But after following the process you listed it worked.

Hi,
I am unable to find ENCRYPTION ORACLE REMEDIATION option from Group Policy Editor after ran ” REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2 “in the comand prompt. Please advise on this issue.

Hi Sirisha,

Microsoft’s recent updates discarded the ENCRYPTION ORACLE REMEDIATION option from Group Policy Editor because this group policy is the main issue.

Hence, you can run this below command in the command prompt to achieve the same result,

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

don’t know if you’ll see this or not but, I couldn’t use rdp after updating my windows 10. now if I would do this, will i still be able to use rdp after uploading?

Leave a Reply

Your email address will not be published. Required fields are marked *