This issue occurs when the client has been updated with one of the following KBs but the remote server has not been updated yet.

  • KB4103725 (Windows 8/10)
  • KB4103727 (Server 2016/2012)
  • KB4103718 (Windows 7)

What is CredSSP?

Credential Security Support Provider protocol (CredSSP) is an authentication provider that processes authentication requests for other applications. A remote code execution vulnerability exists in unpatched versions of CredSSP. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. Any application that depends on CredSSP for authentication may be vulnerable to this type of attack. This security update addresses the vulnerability by correcting how CredSSP validates requests during the authentication process.

How to resolve this issue?

Basically, there are two solutions for this issue:

  1. Run “Windows Update” on the remote server (or the workstation) to which you are trying to connect. This ensures that the remote box has the latest patch, and you won’t face this issue again. This works provided your own machine also has the latest updates applied.
  2. If you can’t update the remote servers, you will have to create a new registry entry as shown below:

    Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters

    Then create a new DWORD with the value name: AllowEncryptionOracle and the value: 2. If the keys “CredSSP” and “Parameters” don’t exist, you will need to create them first. Alternatively, you can download and import the registry file from this link.


Once the above registry entry is created, you must restart your client computer without fail.
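
The registry steps above as a PowerShell script for an elevated session on the client; this is an added example, not part of the original post. The `-Action` parameter, the `Get-OracleSetting` helper and the value-meaning table are assumptions of this example: the meanings follow Microsoft's CVE-2018-0886 guidance, where 2 is the "Vulnerable" setting, so `Revert` removes the value once the remote server has been patched.

```powershell
# Added example (not from the original post). Run elevated on the client.
param([ValidateSet('Show', 'Apply', 'Revert')][string]$Action = 'Show')

$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$Name = 'AllowEncryptionOracle'

# Meanings per Microsoft's CVE-2018-0886 guidance; the post only mentions value 2.
$Meaning = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

# Hypothetical helper: reads the current value and labels it.
function Get-OracleSetting {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set (patched clients default to Mitigated)' }
    $value = [int]$item.$Name
    if ($Meaning.ContainsKey($value)) { return "$value ($($Meaning[$value]))" }
    return "$value (unrecognized)"
}

switch ($Action) {
    'Apply' {
        # New-Item -Force creates the missing CredSSP and Parameters keys in one call.
        if (-not (Test-Path -Path $Path)) { New-Item -Path $Path -Force | Out-Null }
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 2 -Force | Out-Null
        'Value set to 2; restart the client before reconnecting.'
    }
    'Revert' {
        # Use after the remote server has received the update.
        if (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue) {
            Remove-ItemProperty -Path $Path -Name $Name
        }
        'Workaround removed.'
    }
}
"Current $Name setting: $(Get-OracleSetting)"
```

Run it without arguments to report the current setting only; pass `-Action Apply` or `-Action Revert` to change it.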

Source:
– https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886
– https://www.experts-exchange.com/questions/29098796/CredSSP-encryption-oracle-remediation.html
– https://support.microsoft.com/en-us/help/4103727/windows-10-update-kb4103727

P.S. Please be aware that this modifies a Windows registry value. Please take the necessary precautions before attempting this.