Windows Latest Update Blocked Remote Desktop Connection to Windows VPS

feezioxiii Member, Host Rep
edited May 2018 in General

I thought I was late to the party, but it seems like there is no thread about this on LET yet.

So yeah, Microsoft breaks things again... They rolled out an update for PCs on the 10th, and anyone who applied that patch will be unable to remote to their not-up-to-date VPS.

How to fix:

  1. Update your VPS (Recommended)
  2. Use this method: https://www.reddit.com/r/sysadmin/c...eaks_remote_desktop_connections_over/dyov6iv/

Although this has been announced since March (https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018), it looks like not many people know about this (including me lol).

Suggestion:

> Providers must update their windows template ASAP!

Discussion:

https://www.reddit.com/r/sysadmin/comments/8hzvko/patch_tuesday_megathread_20180508/
https://www.reddit.com/r/sysadmin/comments/8i4coq/kb4103727_breaks_remote_desktop_connections_over/

Anyone experiencing the same issue?

Thanked by 1FHR

Comments

  • Lyphiard Member, Host Rep

    Yup, I had a client who was no longer able to access their dedicated server through Remote Desktop due to this issue.

  • levnode Member

    Yep, actually, not everyone can follow all their announcements. The way they did this to RDP is completely mad.

  • vpsGOD Member, Host Rep

    Just disable NLA and work around it.

  • AntKala Member

    Had this happen to me too; I had to log in via vKVM and update my server, then Remote Desktop worked again.

  • feezioxiii Member, Host Rep

    @vpsGOD said:
    Just disable NLA and work around it.

    I found that uninstalling the latest update on the PC, updating the VPS, then reinstalling the update on the PC worked just fine.

  • corbpie Member

    Just rolled back that update, easy fix.

  • Shakib Member, Patron Provider

    Solution: Start > Run > gpedit.msc > Computer Configuration > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation
    Change it to Enabled and, under Protection Level, change it back to Vulnerable.

    This action should be done on your PC. If you can't find gpedit.msc by searching, press Windows key+R on your keyboard, open gpedit.msc and follow the instructions. I hope this helps.

    ~ Shakib Khan
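As an added example (not code from the thread), a PowerShell check of the same setting those gpedit.msc steps change, so you can see whether a client or server has been left in the "Vulnerable" state after the VPS is patched. It assumes the registry path `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters` with value `AllowEncryptionOracle` (0/1/2 = Force Updated Clients / Mitigated / Vulnerable) as the backing store of that policy, and uses KB4103727 from the thread as the update to look for, which only matches the Windows build that KB targets.

```powershell
# Added example, not code from the thread. Reports the local CredSSP
# "Encryption Oracle Remediation" state that the gpedit.msc steps above
# change, and whether the cumulative update named in the thread is present.
# Assumption: the registry path and value below are the backing store of
# that policy, with 0/1/2 = Force Updated Clients / Mitigated / Vulnerable.
$CredSspKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$CredSspName = 'AllowEncryptionOracle'
$Levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-CredSspOracleState {
    $prop = Get-ItemProperty -Path $CredSspKey -Name $CredSspName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # No policy override present. A host with the May 2018 update then
        # behaves as Mitigated; an unpatched host does not know the setting at all.
        return [pscustomobject]@{ Level = $null; Meaning = 'Not configured (patched default: Mitigated)'; Weakened = $false }
    }
    $level = [int]$prop.$CredSspName
    $meaning = if ($Levels.ContainsKey($level)) { $Levels[$level] } else { "Unknown value $level" }
    [pscustomobject]@{ Level = $level; Meaning = $meaning; Weakened = ($level -eq 2) }
}

function Test-UpdateInstalled {
    # KB4103727 is the KB from the thread; the KB number differs per Windows build.
    param([string]$Kb = 'KB4103727')
    return ($null -ne (Get-HotFix -Id $Kb -ErrorAction SilentlyContinue))
}

$state = Get-CredSspOracleState
$state | Format-List
if ($state.Weakened) {
    Write-Warning 'Encryption Oracle Remediation is set to Vulnerable: this host will talk CredSSP to unpatched peers. Patch the VPS, then set the policy back to Not Configured.'
}
if (Test-UpdateInstalled) { 'KB4103727 is installed on this host.' } else { 'KB4103727 not found (different build, or not yet patched).' }
```

Run it on the PC once the VPS is updated; the warning is the cue to put the policy back, since leaving it on Vulnerable keeps the client talking to any unpatched server.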

  • raindog308 Administrator, Veteran

    @Shakib said:
    Solution: Start > Run > gpedit.msc > Computer Configuration > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation
    Change it to Enabled and, under Protection Level, change it back to Vulnerable.

    I’m curious why Oracle is involved in this...?

  • emg Veteran
    edited May 2018

    @raindog308 said:

    @Shakib said:
    Solution: Start > Run > gpedit.msc > Computer Configuration > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation
    Change it to Enabled and, under Protection Level, change it back to Vulnerable.

    I’m curious why Oracle is involved in this...?

    This is not referring to Oracle, the company. It is referring to an oracle attack, where an attacker can try different attacks and the "oracle" will leak information back. In effect, the oracle answers questions about whether the attack is succeeding or not, helping the attacker to refine the attack based on the oracle's responses.

    Example:
    Imagine a server that somehow leaks whether a given character in a password is correct. (This should never happen in real life!) Even if the password is very long and strong, the oracle will help the attacker. Thus the attacker can try each possible character in turn. There are 26 letters in English, plus upper/lower case, numbers, and special characters - not many. When the oracle tells the attacker that the first character is correct after only a few guesses, the attacker is free to move on to the second character, the third character, etc. Even if the password is a long, strong password, the attacker can guess it very quickly with the assistance of the oracle.

    If you are designing a password system where a user enters a username and password, it would not be a good idea to have two different error messages, "Username incorrect" and "Password incorrect." Doing so would create an oracle that could tell the attacker if they have a valid username. The attacker could focus on finding a valid username first, then go after the password. Hopefully your password system would not give an error message like, "Characters 1-3 correct, character 4 incorrect." Eeek!

    It would be better to have a password system that says, "Password entry failed" with no other information about WHY the password failed.

    Thanked by 4raindog308 saibal FHR bap
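emg's password oracle, simulated as an added example (not from the thread): a login check that reports how many leading characters were right, beside one that only says "Password entry failed", with a guessing loop that shows how few attempts the leaky version needs compared with the keyspace the uniform one forces. Secret and alphabet are constructed; nothing here touches a network or a real account.

```powershell
# Added example, not code from the thread. Toy model of the oracle emg
# describes: a check that leaks the number of correct leading characters
# versus one that returns the same answer for every failure.
$Alphabet = [char[]]'abcdefghijklmnopqrstuvwxyz0123456789'
$Secret   = 'x7kq9m'   # constructed sample secret

function Invoke-LeakyLogin([string]$Attempt) {
    # The oracle: returns how many leading characters match, -1 on success.
    if ($Attempt -ceq $Secret) { return -1 }
    $n = 0
    while ($n -lt $Attempt.Length -and $n -lt $Secret.Length -and $Attempt[$n] -ceq $Secret[$n]) { $n++ }
    return $n
}

function Invoke-UniformLogin([string]$Attempt) {
    # "Password entry failed": a single boolean, no position information.
    return ($Attempt -ceq $Secret)
}

function Measure-OracleGuessing {
    # Extend the prefix one character at a time, asking the oracle each time.
    $recovered = ''
    $guesses   = 0
    for ($pos = 0; $pos -lt $Secret.Length; $pos++) {
        foreach ($c in $Alphabet) {
            $guesses++
            $r = Invoke-LeakyLogin ($recovered + $c)
            if ($r -eq -1 -or $r -gt $pos) { $recovered += $c; break }
        }
    }
    [pscustomobject]@{
        Recovered        = $recovered
        Guesses          = $guesses                     # at most 36 * 6 = 216 here
        UniformWorstCase = [math]::Pow($Alphabet.Length, $Secret.Length)   # 36^6 for the same secret
        UniformAccepts   = Invoke-UniformLogin $recovered
    }
}

Measure-OracleGuessing
```

The uniform check gives the guessing loop nothing to extend from, which is why per-field error messages ("Username incorrect" vs "Password incorrect") and per-position feedback both have to go.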
  • emg Veteran

    In case anyone cares, I ran the updates (formerly "Windows Update") on two recently created Windows Server 2016 Datacenter edition servers. One is the physical server, and the other is a Hyper-V virtual machine that runs on it. Both updated with no issues, and I was able to connect to them using Microsoft Remote Desktop from a Mac both before and after the updates. No magic incantations or registry editing was required.

  • try4lontalk

    Do not enable automatic Windows Updates.

    Always do the updates manually if needed. Otherwise, next time they push you another update it will break again.

  • feezioxiii Member, Host Rep

    @try4lontalk said:
    Do not enable automatic Windows Updates.

    Always do the updates manually if needed. Otherwise, next time they push you another update it will break again.

    Yep, we should disable auto-update and only update if something is critical, in order to prevent downtime!

  • Just to make something clear, Microsoft has not broken anything in this update (rare, for a change). This update was announced to everyone and broadcast in various SysAdmin forums, telling people to update and to scope it in.

    This update resolves a critical security flaw in RDP which allows an attacker to Man-In-the-Middle RDP sessions.

    I would advise you not to uninstall this update, and to update your workstation too, as both require updating.

    Proof of Concept of the vuln has been public for a while, so can't wait till you post up on here that all your servers are hacked :D

    https://github.com/preempt/credssp

    P.S I am in no way pro-Microsoft, fuck them but this was handled correctly in my opinion.
