Unable to RDP to Virtual Machine: CredSSP Encryption Oracle Remediation

Overview

The March 2018 security bulletin included a fix for a CredSSP “Remote Code Execution” vulnerability (CVE-2018-0886) that could impact RDP connections. The exploits observed for this vulnerability were:

  1. Targets receive a malicious RTF Microsoft Office document
  2. After being opened, the malicious document causes the second stage of the exploit to be downloaded in the form of an HTML page with malicious code
  3. The malicious code triggers the use-after-free memory-corruption bug
  4. Accompanying shellcode then downloads and executes a malicious payload


Troubleshoot a Broken Azure VM using Nested Virtualization in Azure (Managed Disk)

Please note that third-party virtualization software is not supported for the Windows 2016 Nested Virtualization feature. Only Hyper-V is currently supported.


Troubleshoot a Broken Azure VM using Nested Virtualization in Azure (RDFE)

Please note that third-party virtualization software is not supported for the Windows 2016 Nested Virtualization feature. Only Hyper-V is currently supported.

Also note that as of right now, Nested Virtualization is only available in the following geographic locations:


Troubleshoot a Broken Azure VM using Nested Virtualization in Azure (Unmanaged Disk)

Please note that third-party virtualization software is not supported for the Windows 2016 Nested Virtualization feature. Only Hyper-V is currently supported.


Linux Boot Error: Emergency Mode! (RDFE)

Reason for TSG: The boot diagnostics screen shows the VM booting into Emergency Mode.

Suggested Fix:

1) Before proceeding with Step 2, ensure you have a recovery VM located in the same Cloud Service and region, and running the same version (or distribution), as the impacted VM. If you do not, create that new machine now.


How to delete a VM and attach the OS disk as a Data Disk to a Recovery VM (RDFE)

1) Delete the VM from the Azure Portal, choosing to keep all attached disks

2) Create a new recovery VM in the Azure Portal. This VM will need to be in the same Region and Resource Group (Cloud Service) as the broken machine

3) Once the recovery machine is created, select it

4) Select Disks -> Attach Existing


How to delete a VM and attach the OS disk as a Data Disk to a Recovery VM (ARM)

1) Delete the VM from the Azure Portal, choosing to keep all attached disks

2) Create a new recovery VM in the Azure Portal. This VM will need to be in the same Region and Resource Group as the broken machine

3) Once the recovery machine is created, select it

4) Select Disks -> Add data disk


How to Remote PowerShell to Azure VM (DIP to DIP)

Enter a PowerShell session from inside another VM located inside the same Vnet and run the following:

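# -SkipCACheck and -SkipCNCheck turn off CA and host-name validation of the server certificate for this session
$Skip = New-PSSessionOption -SkipCACheck -SkipCNCheck
# Connect over WinRM HTTPS (port 5986); replace HOSTNAME with the target VM's name
Enter-PSSession -ComputerName "HOSTNAME" -Port 5986 -Credential (Get-Credential) -UseSSL -SessionOption $Skip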


How to setup a VM to boot to last good known configuration (ARM)

Symptom:

  • VM stuck in Reboot Loop. Often due to Failed Windows Updates.

Resolution:

1) If Azure PowerShell is not installed, please install it from http://azure.microsoft.com/en-us/downloads/
