![]() ![]() ![]() The Group Policy setting is in Computer Configuration \ Policies \ Administrative Templates \ System \ Credentials Delegation, and the setting itself is Encryption Oracle Remediation. This update provided a new registry setting, and a related Group Policy template item, to control whether an updated computer can fall back to the outdated protocol when making a connection to or from an outdated computer, or whether the connection will fail. If either client or target are not updated, either the client will connect using the vulnerable older protocol, or the connection will be blocked. If both the client and target computers are updated, the connection will be safe. The first security updates were released on March 13, 2018. Updating the Remote Desktop software to use this new function.Updating the CredSSP protocol to enable "encryption oracle remediation", and.The flaw could allow someone to capture your credentials if he has access to the traffic between your client computer and the target. In March 2018, Microsoft announced a newly discovered vulnerability in the CredSSP protocol, which is used by Remote Desktop Connection to authenticate your password or smart card using Network Level Authentication (NLA). If you ever access computers via Remote Desktop over a connection that could be exposed to a man-in-the-middle compromise, plan for updating the target computers, and remove this registry or policy setting when done. You can also set this via Group Policy (details below). HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ CredSSP \ Parameters If you can't update or reconfigure the target computer, set this registry key on your client computer, and reboot:.But, if your connection could possibly be exposed to a man-in-the-middle compromise, plan for updating the target. If you can't update the target computer, you can enable the option to "Allow connections from computers running any version of Remote Desktop" on the target.Apply Windows security updates through at least March 2018 to the target computer (Windows 7 or Windows Server 2008 or later only).To fix this particular situation, do one of the following, in order of desirability: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |