• Problems with CredSSP updates CVE-2018-0886 breaking RDP connections

    Yet another mess.

    @GeekDiver reports:

    Looks like CVE-2018-0886  was included in the cumulative update and is breaking RDP connections and App feeds.   No backward compatibility in CredSSP right now we are dealing with 100 Windows 10 PCs that are affected.   Anyone else seeing this?

    The CVE-2018-0886 article lists every current version of Windows as falling under this patch’s spell.

    Microsoft has an extensive list of errors generated by this update in KB 4093492, which mentions this error and offers a link to https://go.microsoft.com/fwlink/?linkid=866660 — which, in turn, links back to the same article.

    Kinda like chasing your tail. Windows is the productivity OS, right?

    Susan aka Patch Lady note as of 5/9/2018:  Please note the problem is NOT with the update.  Rather the issue is that there’s a mismatch of patching levels.  In March Microsoft released an update that began the process of rolling out an update to CredSSP used in Remote Desktop connection.  In May the updates mandate that a patched machine can’t remote into an unpatched machine.  If you dig into the KB there is a registry workaround to [TEMPORARILY] disable the mandate, but the better and wiser move is to update the server or workstation you are remoting into.  Make sure the “thing” you are remoting into has an update.  Also note that for consumers and home computers you probably won’t see this issue.  This only has impact if you use Remote Desktop connection to remote into another computer.