Unable to RDP to Virtual Machine: CredSSP Encryption Oracle Remediation

Overview

The March 2018 Security bulletin included a fix for a CredSSP “Remote Code Execution” vulnerability (CVE-2018-0886) that could impact RDP connections. The exploits observed for the vulnerability proceeded as follows:

  1. Targets receive a malicious RTF Microsoft Office document
  2. After being opened, the malicious document causes the second stage of the exploit to be downloaded in the form of an HTML page with malicious code
  3. The malicious code triggers the use-after-free memory-corruption bug
  4. Accompanying shellcode then downloads and executes a malicious payload
