![[Solved] CredSSP Encryption Oracle Remediation](https://www.netwoven.com/wp-content/uploads/2020/06/Solved-CredSSP-Encryption-Oracle-Remediation.jpg)
A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.
CredSSP is an authentication provider which processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack.
As an example of how an attacker could exploit this vulnerability against Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process.
1. SCENARIO
2. RDP SESSION
An update released by Microsoft (KB 4093492)on May 8, 2018, for Windows 10 Operation System was targeted to change the default settings CredSSP from Vulnerable to Mitigated.
A full list of the update and patches for all platform can be obtained from here.
However, post patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols.
This has been reported to cause an error thrown by Windows RDP as below:
![[Solved] CredSSP Encryption Oracle Remediation](https://www.netwoven.com/wp-content/uploads/2020/06/img2-2.jpg)
Discover a new world of sustainable, trusted cloud infrastructure with Modern Enterprise Data Center
3. WORKAROUND
Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.
1. Open Group Policy Editor, by executing gpedit.msc
2. Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation
Run gpedit.msc and expand Administrative Templates
Expand System
![[Solved] CredSSP Encryption Oracle Remediation](https://www.netwoven.com/wp-content/uploads/2020/06/img4-2.jpg)
Expand Credential Delegation
![[Solved] CredSSP Encryption Oracle Remediation](https://www.netwoven.com/wp-content/uploads/2020/06/img5-2.jpg)
Edit Encryption Oracle Remediation
![[Solved] CredSSP Encryption Oracle Remediation](https://www.netwoven.com/wp-content/uploads/2020/06/img6-2.jpg)
Select Enabled and change Production Level to Vulnerable
![[Solved] CredSSP Encryption Oracle Remediation](https://www.netwoven.com/wp-content/uploads/2020/06/img7-2.jpg)
3. Run the command gpupdate /force to apply group policy settings.
4. Your remote desktop connection will be working fine now.
CONCLUSION
This is just a workaround and defeats the purpose of the patching. However, we need to ensure that future updates are installed as and when released by Microsoft so that the vulnerability is not exposed.
65 replies on “[Solved] CredSSP Encryption Oracle Remediation”
WORKS FOR ME, THANKS
Awesome thank you!
thanks much it worked perfectly
Google first and best selection 🙂
Hi Priyam. Thanks for the article.
It helped a lot.
Thanks for all
Thanks for the help, really helpful
Thanks alot, problem solved!
Yes! It is resolved! Thank You!
Many Thanks Issue solved
Thanks, error Solved
What if the Encryption Oracle Remediation is not listed when I expand Credentials Delegation?
having the same issue
it is not listed
Worked like a charm … Sanchu
Thanks
Issue has been solved.
Thank you! It’s helpful! 🙂
Thanks friend
Awesome thank you!
command gpupdate /force is the thing nobody point on before you. Thanks!
solved. thanks
Solved. Thank you!
Is it safe after this settings or we need to do some other settings too for it to work safe
Solved… GR8…
Instructions were very simple and easy to follow. This resolved my issues. Thanks for the help provided.
Gr8. Thanks
Yeah, its working.
Thanks a lot!!
thank you so much.
my problem has been resolved
Thank you so much Sir, this works for me.
Thanks. It worked for me.
Thank you so much. My problem resolved too
Thank you very much bro, my problem is solved instantly
thank you so much..problem solved
Thank you so much. My problem resolved
I’m working with;
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2
Its worked for me
Windows 10 Pro
Jan, 2020
It worked for me 🙂 Thank you.
I am no getting the option “oracle encryption remediation” at the given path, other than that all the options are here
same here in Windows 2012 r2
thanks for your help the info given is very good and did it’s work
my problem has been solved
Hi
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2
Please run this command in cmd for which comp you want to take RDP of other comp this will solve the problem.
This resolved my issue when connection to HYper-V Manager
it worked. thanks
hello
i tried all the things you said and the changes were done fine but i still am finding the very same error. how do i get it resolved ?
same me
tried all these, it is still not working for me. do i need to restart the system or something?
you can run this below command in the command prompt to achieve the same result,
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2
Thank you very much Priyam, it worked for me
This is the thing that actually worked for me!! Thanks!!
Thanks a million pal, worked just perfect for me.
pefect solutions, thank you very much saving so much time and efforts.
hats off 🙂
Thank you so much. Remote login problem has resolved
Thank you so much for the solution
Thank you, Got worried after several attempt on connecting to RDP was abortive. But after following the process you listed it worked.
thnk u so much..
Thanks a lot..it solved my issue
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4103723
I installed this patch on my windows 2016 standard and restarted, now iam able to take my server through RDP.
Try this it will definitely help you…….
Dhana
Hi,
I am unable to find ENCRYPTION ORACLE REMEDIATION option from Group Policy Editor after ran ” REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2 “in the comand prompt. Please advise on this issue.
I am not able to find the ENCRYPTION ORACLE REMEDIATION option. Any solution for this issue
Hi Sirisha,
Microsoft’s recent updates discarded the ENCRYPTION ORACLE REMEDIATION option from Group Policy Editor because this group policy is the main issue.
Hence, you can run this below command in the command prompt to achieve the same result,
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2
Solved it for me, thanks!
many many thanks. its work for windows 10 home single language too.
don’t know if you’ll see this or not but, I couldn’t use rdp after updating my windows 10. now if I would do this, will i still be able to use rdp after uploading?
i have tried but invalid key error found
thank u , my problem has been resolved
Thank you so much. My problem resolved