A remote code execution vulnerability in the CredSSP provider has been found recently (CVE-2018-0886). It affects RDP and WinRM on all supported Windows versions. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. Any application that depends on CredSSP for authentication may be vulnerable to this type of attack. You can find more information here: Security Advisory: Critical Vulnerability in CredSSP Allows Remote Code Execution on Servers Through MS-RDP (Video).
It requires the attacker to have access to your network first. But take it seriously – patch your systems.
The fix does not have its own KB; instead, it was included in various KBs:
The patch was included in March's Patch Tuesday, so many computers that receive Windows Update should be safe now.
Microsoft plans to make a graceful transition from the vulnerable to the mitigated state of the protocol, so clients have time to update and check compatibility/stability. They will release three updates to mitigate the issue:
1) The first patch will fix the issue by correcting how CredSSP validates requests during the authentication process. The update will introduce a new registry key (and a group policy option, Encryption Oracle Remediation) that will change the behavior of CredSSP clients and servers. It was already released on March 13, 2018.
Administrators are encouraged to apply the policy and set it to “Force updated clients” or “Mitigated” on client and server computers as soon as possible. These changes will require a reboot of the affected systems.
2) On April 17, 2018 Microsoft will release an update to the RDP client (MSTSC) that will enhance the error message that is presented when an updated client fails to connect to a server that has not been updated.
3) On May 8, 2018 an update will be released to change the default setting from Vulnerable to Mitigated.
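To verify which Encryption Oracle Remediation state a machine is actually in, the following read-only audit is an added example, not part of the original post or of any Microsoft tooling. The registry path, the value name AllowEncryptionOracle and the 0/1/2 mapping are taken from Microsoft's documentation for this update rather than from this page; the function name is hypothetical.

```powershell
# Added example: read-only audit of the CredSSP "Encryption Oracle Remediation" policy.
# Assumption: key path, value name and 0/1/2 mapping come from Microsoft's documentation
# for the CVE-2018-0886 update; they are not given in the post itself.
$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$ValueName  = 'AllowEncryptionOracle'

# Policy states as named in the Group Policy setting.
$PolicyNames = @{
    0 = 'Force updated clients'
    1 = 'Mitigated'
    2 = 'Vulnerable'
}

function Get-CredSspOracleState {   # hypothetical helper name
    param([string]$KeyPath = $CredSspKey)

    # The key and value only exist once the policy has been configured.
    $raw = $null
    if (Test-Path -LiteralPath $KeyPath) {
        $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) { $raw = $item.$ValueName }
    }

    if ($null -eq $raw) {
        $policy   = 'Not configured'
        $hardened = $false
        $note     = 'Built-in default applies: Vulnerable until the update that changes the default to Mitigated is installed.'
    } elseif ($PolicyNames.ContainsKey([int]$raw)) {
        $policy   = $PolicyNames[[int]$raw]
        $hardened = ([int]$raw -le 1)   # "Force updated clients" or "Mitigated"
        $note     = 'Policy changes take effect after a reboot.'
    } else {
        $policy   = 'Unknown'
        $hardened = $false
        $note     = "Unexpected value $raw; review the policy manually."
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RawValue     = $raw
        Policy       = $policy
        Hardened     = $hardened
        Note         = $note
    }
}

Get-CredSspOracleState | Format-List
```

A machine that reports "Not configured" still depends on its patch level for the effective default, so check the installed updates alongside this output.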
Go, patch and configure your systems guys 🙂
Good news for all Delphi guys – Idera added the Mobile pack add-on to Professional versions! That’s great, a step in the right direction and will be appreciated by the community. Since Embarcadero’s acquisition by Idera good things begin to happen.
Here is the official announcement: Mobile Support in Delphi and C++Builder 10.2.3 Professional Edition
The steps to add Mobile support to your installation are described here: Delphi and C++Builder 10.2.3 Professional – Mobile Pack Installation Instructions
In short – you will receive an email with a link to request your serial number. Type your existing Delphi key. You’ll receive a mail with a serial number for Mobile pack add-on. Then you need to update to version 10.2.3, go to Control Panel and from the list of programs find your Delphi 10.2.3 installation. Click Change, then Upgrade and enter the new key. The mobile pack add-on will be included in the installation.
If you’ve not been offered any security updates since January there’s a reason. It appears that some Antivirus programs make unsupported API calls to Windows kernel memory that interfere with January’s updates (especially Meltdown and Spectre patches) and may lead to BSoDs (Blue Screen of Death). To protect customers Microsoft have stopped offering security updates to devices with unsupported AVs.
While waiting for a fix from AV vendors (and if you’re absolutely sure you know what you’re doing) you can temporarily disable the compatibility check. The fix is just a registry key:
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
Type: REG_DWORD
Value: cadca5fe-87d3-4b96-b7fb-a231484277cc
Data: 0x00000000
According to Microsoft, as of March 13th most of the AV vendors have fixed their products, so the compatibility check will be removed soon.
You can find more information here: https://support.microsoft.com/en-us/help/4072699/windows-security-updates-and-antivirus-software
You have a Windows 10 1703 computer / VM and you have upgraded it to version 1703. When you run sysprep it fails with the following error: