Start a new topic
Answered

Does RoyalTS use CredSSP

Hello,

MS announced a vulnerability in its RDP CredSSP provider. Does RoyalTS use Credssp and is a patch available from Royal or will the MS patch be sufficient?


CVE-2018-0886

https://www.securityweek.com/microsoft-patches-remote-code-execution-flaw-credssp


Thanks


Best Answer

Hi,


Royal TS is using Microsoft's RDP ActiveX control (a system component) which ships with Windows. The MS patch should also cover their RDP ActiveX control, so there's no need to patch Royal TS itself.


Regards,
Stefan


Answer

Hi,


Royal TS is using Microsoft's RDP ActiveX control (a system component) which ships with Windows. The MS patch should also cover their RDP ActiveX control, so there's no need to patch Royal TS itself.


Regards,
Stefan

Unable to connect to the server after updated local system.
An authentication error has occurred.
The function requested is not supported

Remote computer: xxx.xxx.xxx.xxx
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

 

Hi Igor,


according to the KB you mentioned, the defaults have been changed with the latest update. As far as I can tell, you can only resolve the issue by either updating your RDP components to the latest version or by manually setting the policy/registry value to allow the fallback of the client.


Since Royal TS is using the Microsoft RDP components which are shipped with Windows, we cannot really change this behavior.


Regards,
Stefan

Stefan,


Is there any update to this.  I have been seeing this awhile now with now work around other than potentially compromising the security of the system I want to connect to with Royal TA.  What is odd is that while I can't use Royal TS from my Windows 10 system to connect to other Windows systems now, I can use Royal TS on my Macbook Pro to connect to my remote Windows system without a problem.  Seems odd that the necessary  supported plugin works from the Mac side.


Sincerely,

Jason K.


Hi Jason,


the only update I can give you is that with the latest RDP components on the server and the client, all should work fine. On the Mac, the RDP connection is done by FreeRDP, an open source implementation and I'n not sure if and how they handle this situation. I can't really comment on that.


Regards,
Stefan

If you are ok with editing local group policy or your registry then this workaround worked well for me.

https://www.youtube.com/watch?v=Mp9vPS4Efto

Login or Signup to post a comment