Windows Latest Update Blocked Remote Desktop Connection to Windows VPS

Windows Latest Update Blocked Remote Desktop Connection to Windows VPS

feezioxiiifeezioxiii Member, Provider
edited May 11 in General

I thought I've late to the party, but seems like there is no thread about this on LET yet.

So yeah, Microsoft breaks things again..... They rolled out an update for PC in 10th and anyone who updated that patch will be unable to remote to their not up-to-date VPS.

How to fix:

  1. Update your VPS (Recommended)
  2. Using this method: https://www.reddit.com/r/sysadmin/c...eaks_remote_desktop_connections_over/dyov6iv/

Although this has been announced since March: https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018 But look like not many people know about this (including me lol)

Suggestion:

> Providers must update their windows template ASAP!

Discussion:

https://www.reddit.com/r/sysadmin/comments/8hzvko/patch_tuesday_megathread_20180508/
https://www.reddit.com/r/sysadmin/comments/8i4coq/kb4103727_breaks_remote_desktop_connections_over/

Anyone experiencing the same issue?

Solid and affordable licensed Windows VPSstarting from 6.5$/m: Here | UK | Hyper-V Based

Thanked by 1FHR

Comments

  • LyphiardLyphiard Member, Provider

    Yup, I had a client who was no longer able to access their dedicated server through Remote Desktop due to this issue.

    Nexril | Unmanaged KVM VPS and Dedicated Servers

  • levnodelevnode Member

    Yep, actually, not everyone can follow all their announcements. The way they did to RDP is completely mad.

    [https://billing.virmach.com/aff.php?aff=2040&pid=127](Virmach affiliate link. E3-1270/32G RAM/ 13IPs /2T for $49 - COUPON SAVE20 for 20% discount).

  • vpsGODvpsGOD Member, Provider

    Just disable the NLA and work around

    vpsgod.com : Shared | Reseller | VPS | SeedBox | RDP | Dedi | VPS Reseller

    $9/yr VPS- ovz Charlotte | 256MB RAM

  • AntKalaAntKala Member

    Had this happen to me too, had to login via vKVM, and update my server then remote desktop worked out again.

  • feezioxiiifeezioxiii Member, Provider

    @vpsGOD said: Just disable the NLA and work around

    I found that uninstalling the latest update on PC, update VPS, then reinstall the update on PC again worked just fine.

    Solid and affordable licensed Windows VPSstarting from 6.5$/m: Here | UK | Hyper-V Based

  • corbpiecorbpie Member

    Just rolled back that update, easy fix

    grape

  • ShakibShakib Member, Provider

    Solution: Start > Run > gpedit.msc > Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation Change it to Enable and in Protection level, change back to Vulnerable.

    This action should be done on your PC. If you can't find gpedit.msc by searching, press on your keyboard's Windows key+R key, open gpedit.msc and follow the instruction. I hope this will help.

    ~ Shakib Khan

    HostCram LLC - SSD Web Hosting, Reseller Hosting, VPS & Dedicated Servers

  • raindog308raindog308 Moderator

    @Shakib said: Solution: Start > Run > gpedit.msc > Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation Change it to Enable and in Protection level, change back to Vulnerable.

    I’m curious why Oracle is involved in this...?

    My Advice: VPS Advice

    For LET support, please click here.

  • emgemg Member
    edited May 13

    @raindog308 said:

    @Shakib said: Solution: Start > Run > gpedit.msc > Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation Change it to Enable and in Protection level, change back to Vulnerable.

    I’m curious why Oracle is involved in this...?

    This is not referring to Oracle, the company. It is referring to an oracle attack, which where an attacker can try different attacks and the "oracle" will leak information back. In effect, the oracle answers questions about whether the attack is succeeding or not, helping the attacker to refine the attack based on the oracle's responses.

    Example: Imagine a server that somehow leaks whether a given character in a password is correct. (This should never happen in real life!) Even if the password is very long and strong, the oracle will help the attacker. Thus the attacker can try each possible character in turn. There are 26 letters in English, plus upper/lower case, numbers, and special characters - not many. When the oracle tells the attacker that the first character is correct after only a few guesses, the attacker is free to move on to the second character, the third character, etc. Even if the password is a long, strong password, the attacker can guess it very quickly with the assistance of the oracle.

    If you are designing a password system where a user enters a username and password, it would not be a good idea to have two different error messages, "Username incorrect" and "Password incorrect." Doing so would create an oracle that could tell the attacker if they have a valid username. The attacker could focus on finding a valid username first, then go after the password. Hopefully your password system would not give an error message like, "Characters 1-3 correct, character 4 incorrect." Eeek!

    It would be better to have a password system that says, "Password entry failed" with no other information about WHY the password failed.

    Thanked by 4raindog308 saibal FHR bap
  • emgemg Member

    In case anyone cares, I ran the updates (formerly "Windows Update") on two recently created Windows Server 2016 Datacenter edition servers. One is the physical server, and the other is a Hyper-V virtual machine that runs on it. Both updated with no issues, and I was able to connect to them using Microsoft Remote Desktop from a Mac both before and after the updates. No magic incantations or registry editing was required.

  • Do not enable automatic Windows Updates.

    Always do the updates manually if need. Otherwise next time they push you another update it will break again.

  • feezioxiiifeezioxiii Member, Provider

    @try4lontalk said: Do not enable automatic Windows Updates.

    Always do the updates manually if need. Otherwise next time they push you another update it will break again.

    Yep, We should disable auto update and only update if something is critical in order to prevent downtime!

    Solid and affordable licensed Windows VPSstarting from 6.5$/m: Here | UK | Hyper-V Based

  • Just to make something clear, Microsoft has not broken anything in this update (rare for a change). This update was told to everyone and broadcasted in various SysAdmin forums to update and to scope in.

    This update resolves a critical security flaw in RDP which allows a attacker to Man-In-the-Middle RDP sessions.

    I would advise you to not uninstall this update and update and update your workstation too, as both require updating.

    Proof of Concept of the vuln has been public for a while, so can't wait till you post up on here that all your servers are hacked :D

    https://github.com/preempt/credssp

    P.S I am in no way pro-Microsoft, fuck them but this was handled correctly in my opinion.

Sign In or Register to comment.