[Updated Solution] CredSSP Encryption Oracle Remediation

[Updated] CredSSP Encryption Oracle Remediation

By Priyam Ghosh  •  June 23, 2023  •  130855 Views

CredSSP Encryption Oracle Remediation

There is a critical security vulnerability found in the Credential Security Support Provider protocol (CredSSP) that could potentially lead to remote code execution. This vulnerability allows an attacker to intercept and relay user credentials, enabling them to execute malicious code on the targeted system.

CredSSP serves as an authentication provider for various applications, making any application reliant on CredSSP susceptible to this type of attack.

For instance, an attacker could leverage this vulnerability to exploit Remote Desktop Protocol (RDP) sessions by running a specially crafted application and conducting a man-in-the-middle attack. By doing so, the attacker gains the ability to install unauthorized programs, access, modify, or delete data, or even create new user accounts with complete privileges.

To address this critical issue, a security update has been developed to rectify the authentication process in the Credential Security Support Provider protocol (CredSSP). This update ensures the proper validation of authentication requests, effectively mitigating the vulnerability and safeguarding systems from potential exploitation.

1. SCENARIO

[Solved] CredSSP Encryption Oracle Remediation

2. RDP SESSION

An update released by Microsoft (KB 4093492) on May 8, 2018, for Windows 10 Operation System was targeted to change the default settings CredSSP from Vulnerable to Mitigated.

A full list of the update and patches for all platforms can be obtained from here.

However, post patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols.

This has been reported to cause an error thrown by Windows RDP as below:

[Solved] CredSSP Encryption Oracle Remediation

3. WORKAROUND

Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.

  • Open Group Policy Editor, by executing gpedit.msc
  • Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation
  • Run gpedit.msc and expand Administrative Templates
CredSSP Encryption Oracle Remediation

Expand System

[Solved] CredSSP Encryption Oracle Remediation

Expand Credential Delegation

[Solved] CredSSP Encryption Oracle Remediation

Edit Encryption Oracle Remediation

[Solved] CredSSP Encryption Oracle Remediation

Select Enabled and change Production Level to Vulnerable

[Solved] CredSSP Encryption Oracle Remediation

3. Run the command gpupdate /force to apply group policy settings.

4. Your remote desktop connection will be working fine now.

CONCLUSION

This is just a workaround and defeats the purpose of the patching. However, we need to ensure that future updates are installed as and when released by Microsoft so that the vulnerability is not exposed. Please let us know if this has solved your error.

Note: The post was originally published on May 15, 2018, and updated on June 23, 2023

64 comments

    1. Hi Sirisha,

      Microsoft’s recent updates discarded the ENCRYPTION ORACLE REMEDIATION option from Group Policy Editor because this group policy is the main issue.

      Hence, you can run this below command in the command prompt to achieve the same result,

      REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

      1. don’t know if you’ll see this or not but, I couldn’t use rdp after updating my windows 10. now if I would do this, will i still be able to use rdp after uploading?

  1. Hi,
    I am unable to find ENCRYPTION ORACLE REMEDIATION option from Group Policy Editor after ran ” REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2 “in the comand prompt. Please advise on this issue.

  2. Thank you, Got worried after several attempt on connecting to RDP was abortive. But after following the process you listed it worked.

    1. you can run this below command in the command prompt to achieve the same result,

      REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

  3. hello
    i tried all the things you said and the changes were done fine but i still am finding the very same error. how do i get it resolved ?

  4. Hi

    REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

    Please run this command in cmd for which comp you want to take RDP of other comp this will solve the problem.

  5. thanks for your help the info given is very good and did it’s work
    my problem has been solved

  6. I am no getting the option “oracle encryption remediation” at the given path, other than that all the options are here

  7. I’m working with;

    REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Leave a comment

Your email address will not be published. Required fields are marked *

Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Fast Track
Microsoft Partner
MISA
MISA
Unravel The Complex
Stay Connected

Subscribe and receive the latest insights

Netwoven Inc. - Microsoft Solutions Partner

Get involved by tagging Netwoven experiences using our official hashtag #UnravelTheComplex