(Since May 8th 2018)
You may find yourself having login issues via Remote Desktop (RDP) to a Windows Cloud VM or Dedicated Server; please see the following Support Release, from Microsoft, detailing the issue:
CredSSP updates for CVE-2018-0886
Why Is This Happening?
We will assume that the server is the issue here.
If the server is set to not apply updates automatically, or is pending a restart to finish applying the required updates, while your local Windows client machine is updating regularly, you may find yourself unable to log in to the server via Remote Desktop (RDP).
Basically, a security update is required on both the server and client to allow the connection; see the following taken from the "Summary" of the Microsoft release:
"Credential Security Support Provider protocol (CredSSP) is an authentication provider that processes authentication requests for other applications."
"A remote code execution vulnerability exists in unpatched versions of CredSSP. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. Any application that depends on CredSSP for authentication may be vulnerable to this type of attack."
So essentially, you would need to apply the security update on both the server and client to address this vulnerability.
What Can I Do Now?
Again, we will assume the server is the issue here.
You have a number of choices:
- Log in to the server via the "Console" and apply all pending updates/restart the server.
- Find a client machine that has not yet had the KB103727 Security Update installed, then connect as normal via Remote Desktop; once connected, apply the updates to the server before allowing that update to install on the client machine.
- Remove the KB103727 Security Update from the client machine in use and follow Item 2.
We would always suggest that you apply updates rather than remove them, so our preference here would be Item 1; however, this process is not always a viable solution.
Considering this, if you must remove the Security Update you can do so via "Add/Remove Programs" in the "Control Panel" on your Windows Client machine.
For more articles relating to uninstalling the Security Update, you could also search for the following via your favourite search engine:
"How to uninstall specific Windows updates"
What If The Issue Is Not On The Server?
In this scenario, where the update is applied to the server and not the Windows Client machine, all you should need to do is run Windows updates and reboot the machine.
Depending on how many updates you have to apply, you may need to repeat this process until none remain.
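To see which side is behind, the following PowerShell check can be run on the server (via the Console) and on the client. It is an added example, not part of the original article or of Microsoft's release; the function name is hypothetical, the KB number is the one quoted in this article, and the AllowEncryptionOracle policy value comes from Microsoft's CredSSP advisory rather than from this page.

```powershell
# Added diagnostic example (not from the original article). Read-only: changes nothing.
function Get-CredSspPatchState {
    param(
        # KB number as quoted in this article; adjust if your OS build uses another KB.
        [string]$KbId = 'KB103727'
    )

    # Is the update listed as installed? Later cumulative updates can supersede it,
    # so "False" is a prompt to check the newest hotfix date, not proof of a gap.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # Newest installed hotfix, to compare against the May 8th 2018 release date.
    $newest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn | Select-Object -Last 1

    # Registry markers showing that installed updates are waiting for a restart.
    $rebootKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    )
    $pendingReboot = [bool]($rebootKeys | Where-Object { Test-Path $_ })

    # CredSSP "Encryption Oracle Remediation" policy:
    # 0 = Force Updated Clients, 1 = Mitigated, 2 = Vulnerable.
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
    $oracle = (Get-ItemProperty -Path $policyKey -Name AllowEncryptionOracle `
        -ErrorAction SilentlyContinue).AllowEncryptionOracle
    $oracleText = switch ($oracle) {
        0       { 'Force Updated Clients' }
        1       { 'Mitigated' }
        2       { 'Vulnerable (weakened; revert once both sides are patched)' }
        default { 'Not set (OS default applies)' }
    }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        KbChecked         = $KbId
        KbListed          = [bool]$hotfix
        NewestHotfix      = $newest.HotFixID
        NewestHotfixDate  = $newest.InstalledOn
        PendingReboot     = $pendingReboot
        EncryptionOracle  = $oracleText
    }
}

Get-CredSspPatchState | Format-List
```

A machine that reports PendingReboot as True, or whose newest hotfix predates May 8th 2018, is the side that still needs updating or restarting.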
If you have any queries on this, please contact our Support team - see the following for our contact details: