Windows CredSSP Remote Desktop Connection Error

We have received reports from customers who get a Windows Remote Desktop Connection (RDP) authentication error when connecting to their VPS. The error comes from an RDP client security update that Microsoft released in March 2018 and is now enforcing. It occurs when connecting from a patched client (home or work) computer to an unpatched Windows VPS server. Customers who have not updated their VPS since February 2018 may encounter the RDP authentication error and be temporarily prevented from connecting to their VPS.

As a temporary workaround, you may follow these instructions to regain access to the VPS. The Windows VPS will then need to be updated and restarted at your earliest convenience so that it has the same security update.

Download:

http://www.forexvps.net/res/downloads/Windows-CredSSP-registry-security-toggle.zip

Instructions:

  1. Extract the two .reg files from Windows-CredSSP-registry-security-toggle.zip
  2. Run “Windows-CREDSSP-temporary-lower-security.reg” on your home PC to temporarily lower the new security setting in its Windows registry
  3. Connect to the VPS over RDP, complete the Windows Updates, and reboot once they are finished
  4. Run “Windows-CREDSSP-reguler-mitigated-security.reg” on your home PC to re-enable the regular, higher security setting
  5. Test the RDP connection to the VPS again; it should continue to work

Microsoft reference information:
https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
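
To confirm after step 4 that the home PC is no longer left on the lowered setting, the check below reads the CredSSP policy value documented in the Microsoft article above. It is an added example, not part of the original post or the downloadable zip; that the two .reg files toggle this particular value (AllowEncryptionOracle) is an assumption based on that article, and the function name is hypothetical.

```powershell
# Added example: report the CredSSP "Encryption Oracle Remediation" level on this PC.
# Key and value names are taken from Microsoft's CVE-2018-0886 article (KB 4093492).
# Assumption: the .reg files from the zip change this value.
$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$Name = 'AllowEncryptionOracle'

# Meaning of each documented value.
$Levels = @{
    0 = 'Force Updated Clients'
    1 = 'Mitigated'
    2 = 'Vulnerable'
}

function Get-CredSspOracleLevel {
    # Returns the configured level as an integer, or nothing when the
    # key or value does not exist (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$level = Get-CredSspOracleLevel

if ($null -eq $level) {
    Write-Output "$Name is not set; the default of the installed CredSSP update applies."
    exit 0
}

if (-not $Levels.ContainsKey($level)) {
    Write-Warning "$Name has an undocumented value: $level"
    exit 2
}

Write-Output "$Name = $level ($($Levels[$level]))"

if ($level -eq 2) {
    # The lowered setting lets this PC fall back to unpatched servers.
    # It should only be in place while the VPS is being updated.
    Write-Warning 'The lowered (Vulnerable) setting is still active. Re-apply the regular setting once the VPS is patched.'
    exit 1
}
exit 0
```

Run it in a PowerShell window on the home PC; a non-zero exit code means the setting still needs attention.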

Microsoft Updates April 2018

Microsoft released new Windows updates this week. Looking at this month's list, an important security vulnerability in the Windows RDP service has been announced. An attacker who successfully exploited this vulnerability could cause the RDP service on the target VPS to stop responding. There are also other important security updates, and all should be installed at your earliest convenience.

We advise using the pre-installed Chrome browser (which auto updates) and minimizing your web browsing from your VPS for added security.

Windows RDP service security advisory:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0976

You can update your VPS by going to “Control Panel > Windows Update”. We recommend updating over weekends only and rebooting after.

The SANS Internet Storm Center (ISC) has the best quick overview of the updates each month. https://isc.sans.edu/forums/diary/Microsoft+April+2018+Patch+Tuesday/23539/

Reference:
https://portal.msrc.microsoft.com/

Microsoft Updates January 2017

Microsoft released a few new Windows updates this last week. It’s a very light month with only a few updates, and none of them is relevant as far as any risk to our VPS.

The SANS Internet Storm Center (ISC) has the best quick overview of the updates each month. https://isc.sans.edu/forums/diary/January+2017+Microsoft+Patch+Tuesday/21915/

Reference:
https://technet.microsoft.com/en-us/library/security/ms17-jan.aspx

Microsoft Updates November 2016

Microsoft released new Windows updates last week. Looking at the list of updates this month, none are remotely exploitable externally (from outside the VPS) with the default configuration of our VPS. However, there are web browser vulnerabilities in Internet Explorer that could be remotely exploited if you visited a website with malicious code and had not updated yet. We advise minimizing your web browsing from your VPS for added security. There are also some important updates that protect against local vulnerabilities, including the usual cumulative update for the Internet Explorer and Edge web browsers.

You can update your VPS by going to “Control Panel > Windows Update”. We recommend updating over weekends only and rebooting after.

The SANS Internet Storm Center (ISC) has the best quick overview of the updates each month. https://isc.sans.edu/forums/diary/November+2016+Microsoft+Patch+Day/21689/

Reference:
https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx

Microsoft Updates October 2016

Microsoft released new Windows updates this week. Looking at the list of updates this month, none are remotely exploitable externally (from outside the VPS) with the default configuration of our VPS. However, there are web browser vulnerabilities in Internet Explorer that could be remotely exploited if you visited a website with malicious code and had not updated yet. We advise minimizing your web browsing from your VPS for added security. There are also some important updates that protect against local vulnerabilities, including the usual cumulative update for the Internet Explorer and Edge web browsers.

You can update your VPS by going to “Control Panel > Windows Update”. We recommend updating over weekends only and rebooting after.

The SANS Internet Storm Center (ISC) has the best quick overview of the updates each month. https://isc.sans.edu/forums/diary/Microsoft+and+Adobe+Patch+Tuesday+October+2016/21581/

Reference:
https://technet.microsoft.com/en-us/library/security/ms16-oct.aspx

Microsoft Updates September 2016

Microsoft released new Windows updates this week. Looking at the list of updates this month, none are remotely exploitable externally (from outside the VPS) with the default configuration of our VPS. However, there are web browser vulnerabilities in Internet Explorer that could be remotely exploited if you visited a website with malicious code and had not updated yet. We advise minimizing your web browsing from your VPS for added security. There are also some important updates that protect against local vulnerabilities, including the usual cumulative update for the Internet Explorer and Edge web browsers.

You can update your VPS by going to “Control Panel > Windows Update”. We recommend updating over weekends only and rebooting after.

The SANS Internet Storm Center (ISC) has the best quick overview of the updates each month. https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+Analysis/21477/

Reference:
https://technet.microsoft.com/en-us/library/security/ms16-sep.aspx