Start a new topic
Answered

Does RoyalTS use CredSSP

Hello,

MS announced a vulnerability in its RDP CredSSP provider. Does RoyalTS use Credssp and is a patch available from Royal or will the MS patch be sufficient?


CVE-2018-0886

https://www.securityweek.com/microsoft-patches-remote-code-execution-flaw-credssp


Thanks


Best Answer

Hi,


Royal TS is using Microsoft's RDP ActiveX control (a system component) which ships with Windows. The MS patch should also cover their RDP ActiveX control, so there's no need to patch Royal TS itself.


Regards,
Stefan


Answer

Hi,


Royal TS is using Microsoft's RDP ActiveX control (a system component) which ships with Windows. The MS patch should also cover their RDP ActiveX control, so there's no need to patch Royal TS itself.


Regards,
Stefan

Unable to connect to the server after updated local system.
An authentication error has occurred.
The function requested is not supported

Remote computer: xxx.xxx.xxx.xxx
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

 

Hi Igor,


according to the KB you mentioned, the defaults have been changed with the latest update. As far as I can tell, you can only resolve the issue by either updating your RDP components to the latest version or by manually setting the policy/registry value to allow the fallback of the client.


Since Royal TS is using the Microsoft RDP components which are shipped with Windows, we cannot really change this behavior.


Regards,
Stefan

Login or Signup to post a comment