Solution
You can modify the WIN server or perform the following operations on the local client.
Take win10 as an example. For other versions, please adapt by yourself and run gpedit.msc to open the local Group Policy Editor.
Computer Configuration > Administrative Templates > System > Credential Assignment > Encrypted Oracle Remediation select Enable and select Vulnerable.
WIN10 Home Edition does not have gpedit.msc
Windows 10 Home Edition:
Solution 1: Uninstall the update;
Solution 2: Retrieve Group Policy
Operation: Create a new text document.bat.
Open the new text document and paste the document content:
@echo off
pushd"%~dp0"
dir/b C:\Windows\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~3*.mum >List.txt
dir/b C:\Windows\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~3*.mum >>List.txt
for /f %%iin ('findstr/i.List.txt 2^>nul') dodism/online /norestart/add-package:"C:\Windows\servicing\Packages\%%i"
pause
Save and close the text document.
Change the extension of the text document from txt to bat. When the extension modification prompt appears, press the OK button.
Right-click the New Text Document .bat file and select Run as administrator.
The batch processing window appears, wait for the processing to be completed, press any key to end and exit the cmd window
. Restart your computer, wait for the system configuration to be completed, and run –gpedit.msc to start the group policy, and it will open.
Background of the problem
I was confused when I first saw this error. After visiting the address given, I found that it probably means it is not safe and Microsoft needs to update it.
Credential Security Support Provider Protocol (CredSSP) is an authentication provider that handles authentication requests from other applications. A remote code execution vulnerability exists in unpatched versions of CredSSP. An attacker who successfully exploited this vulnerability could relay user credentials on the target system for code execution. Any application that relies on CredSSP for authentication may be vulnerable to this type of attack.
This security update resolves this vulnerability by correcting the way CredSSP validates requests during the authentication process.
The initial release on March 13, 2018 updates the CredSSP authentication protocol and remote desktop clients for all affected platforms.
Mitigation includes installing the update on all eligible client and server operating systems and then using the included Group Policy settings or registry-based equivalents to manage the setting options on client and server computers. We recommend that administrators apply this policy and set it to "Force Updated Client" or "Mitigated" on both client and server machines as soon as possible. These changes will require a reboot of the affected systems.
April 17, 2018
The Remote Desktop Client (RDP) update in KB 4093120 will enhance error messages that occur when updated clients cannot connect to servers that have not been updated.
May 8, 2018
Update that changes the default setting from "Vulnerable" to "Mitigated".
The related Microsoft Knowledge Base number is listed as CVE-2018-0886.
Reference links: