Microsoft May 2018 Security Update CredSSP Issue.
I just installed the May 2018 KB version on some of my Windows Server 2016 servers, which fixes the CredSSP vulnerability, but at the same time creates an issue when I try to RDP from a system without patches.
After I finished my work day, one of the project managers sent me a message that RDP was broken and that he could not connect to one of the working servers via RDP. I immediately went back to my workstation, tried to connect to RDP and got a very strange error message like below:
I followed the provided link and learned that Microsoft has released a security patch that affects the RDP mechanism, in particular the update for CVE-2018-0886.
A remote code execution vulnerability exists in the CredSSP protocol. An attacker would need to launch a Man-in-the-middle (MITM) application attack against an RDP session, which would then give him an open door to install software, change user accounts, view or modify data, etc.
So it’s great that Microsoft has fixed this issue, but how do you fix the above RDP error? Digging around, I found two KBs released by Microsoft.
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4093120
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4103715
These two KBs apply to Windows Server 2012 R2 and 2016, and Windows 8.1 and 10 (1607).
Therefore, after installing the KBs on Windows Server 2016, Server 2012 R2, and client computers, the issue was immediately resolved. Keep in mind that you need to reboot your systems after the update is complete, so it is best to schedule the update overnight.
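To see which servers and clients already list these two updates before a patched/unpatched RDP pair turns up, a check like the one below can be run from an admin workstation. It is an added example, not part of the original post; the host list is a constructed placeholder, and a host with no match may simply carry a later cumulative update that replaced these KBs, so treat that result as "review", not "vulnerable".

```powershell
# Added example: report which hosts list the two KBs named in this post.
# The default host list is a constructed placeholder; pass your own names.
param(
    [string[]]$Computers = @('localhost'),
    [string[]]$KbIds     = @('KB4093120', 'KB4103715')
)

function Get-CredSspKbStatus {
    param(
        [string[]]$ComputerName,
        [string[]]$KbIds
    )
    foreach ($computer in $ComputerName) {
        try {
            # List every installed hotfix and filter locally: Get-HotFix -Id
            # raises an error when an ID is absent, which would hide the
            # difference between "not installed" and "host unreachable".
            $found = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $KbIds -contains $_.HotFixID })

            [pscustomobject]@{
                Computer    = $computer
                Reachable   = $true
                FoundKb     = ($found.HotFixID -join ',')
                # True when neither KB is listed. This also happens when a
                # later cumulative update superseded them, so check by hand.
                NeedsReview = ($found.Count -eq 0)
                Error       = $null
            }
        }
        catch {
            # Host offline, access denied, or WMI/RPC blocked by a firewall.
            [pscustomobject]@{
                Computer    = $computer
                Reachable   = $false
                FoundKb     = ''
                NeedsReview = $true
                Error       = $_.Exception.Message
            }
        }
    }
}

# Hosts that need attention are listed first.
Get-CredSspKbStatus -ComputerName $Computers -KbIds $KbIds |
    Sort-Object -Property NeedsReview -Descending |
    Format-Table -AutoSize
```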
Interesting problem with a fairly quick fix that was not easy to find. If you Google CVE-2018-0886, you will find a number of resources and documentation on this issue, as well as KB articles for other systems older than 2012 R2. Enjoy!