An authentication error occurred. The function requested is not supported. This could be due to CredSSP encryption oracle remediation.

1. INTRODUCTION

A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.

CredSSP is an authentication provider that processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack.

As an example of how an attacker could exploit this vulnerability against the Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process.

2. RDP SESSION

An update released by Microsoft (KB 4093492)on May 8, 2018, for Windows 10 Operation System was targeted to change the default settings CredSSP from Vulnerable to Mitigated.

However, post patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols.

This has been reported to cause an error thrown by Windows RDP as below:

3. WORKAROUND

Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.

1. Open Group Policy Editor, by executing gpedit.msc

2. Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials DelegationRun gpedit.msc and expand Administrative Templates

Expand System

Expand Credential Delegation

Edit Encryption Oracle Remediation

Select Enabled and change Production Level to Vulnerable

3. Run the command gpupdate /force to apply group policy settings.

4. Your remote desktop connection will be working fine now.

CONCLUSION

This is just a workaround and defeats the purpose of the patching. However, we need to ensure that future updates are installed as and when released by Microsoft so that the vulnerability is not exposed.