Unable to RDP to Virtual Machine: CredSSP Encryption Oracle Remediation

Overview

The March 2018 Security bulletin included a fix for a CredSSP “Remote Code Execution” vulnerability (CVE-2018-0886) that could impact RDP connections. The exploits observed for the vulnerability were:

  1. Targets receive a malicious RTF Microsoft Office document
  2. After being opened, the malicious document causes the second stage of the exploit to be downloaded in the form of an HTML page with malicious code
  3. The malicious code triggers the use-after-free memory-corruption bug
  4. Accompanying shellcode then downloads and executes a malicious payload


Troubleshoot a Broken Azure VM using Nested Virtualization in Azure (Managed Disk)

Please note that third-party virtualization software is not supported with the Windows 2016 Nested Virtualization feature. Only Hyper-V is currently supported.


Troubleshoot a Broken Azure VM using Nested Virtualization in Azure (RDFE)

Please note that third-party virtualization software is not supported with the Windows 2016 Nested Virtualization feature. Only Hyper-V is currently supported.

Also note that as of right now, Nested Virtualization is only available in the following geographic locations:


Linux Boot Error: Emergency Mode! (RDFE)

Reason for TSG: Boot diagnostics screen shows VM booting into Emergency Mode

Suggested Fix:

1) Before proceeding with Step 2, ensure you have a recovery VM located in the same Cloud Service and region, and running the same version (or distribution), as the impacted VM. If you do not, create that new machine now.


How to delete a VM and attach the OS disk as a Data Disk to a Recovery VM (RDFE)

1) Delete the VM from the Azure Portal, choosing to keep all attached disks.

2) Create a new recovery VM in the Azure Portal. This VM will need to be in the same Region and Resource Group (Cloud Service) as the broken machine.

3) Once the recovery machine is created, select it.

4) Select Disks -> Attach Existing
