In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-02-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
The following error occurred when using windows for remote desktops:
According to official information, this problem was caused by the update of Windows on May 8, 2018 (CredSSP update for CVE-2018-0886). A remote code execution vulnerability in the unpatched version of CredSSP was previously fixed, but the update released on May 8 changed the default setting of encrypted Oracle Correction from vulnerable to mitigated updates.
Therefore, after installing this update, the patched client cannot communicate with the unpatched server by default, and the error prompt as shown in the figure above pops up.
Common solutions:
1. For patched clients
Through Group Policy (more convenient): run gpedit.msc Local Group Policy, select "computer configuration" > "Administrative templates" > "system" > "credential assignment" > "encryption Oracle Correction", select "enable" and select "vulnerable". If the group policy does not have an encryption Oracle correction, this computer has not been patched and updated.
Through the registry (for the home version of Windows without group policy): run the regedit registry, jump to the path: HKLM (abbreviated)\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ System\ CredSSP\ Parameters, create your own if you don't have the corresponding table entry, create a new data with the type DWORD (32) bit and name "AllowEncryptionOracle" in the right column of the Parameters key, and finally restart the computer.
2. For unpatched servers
Modify remote settings (not recommended): run sysdm.cpl system properties, select remote, and uncheck only computer connections that are allowed to run remote desktops using network basic authentication (recommended).
Install update patch (recommended): most of the methods available online are to modify the reorganization policy on the client, but in fact, this method reduces the security of the computer, does not meet Microsoft's official expectations, and is not recommended for long-term settings. The best practice should be to install the appropriate security update package on unpatched computers, especially on enterprise servers. You can download and install the security update packages of Microsoft operating systems on May 8, 2018. The update packages corresponding to common system versions are listed below:
Windows 10 version 1703-KB4103731
Windows 8.1 and Windows Server 2012 R2-KB4103715
Windows 7 SP1 and Windows Server 2008 R2 SP1-KB4103712
Both the client and server need to be updated, otherwise Windows and third-party CredSSP clients may not be able to connect to Windows or third-party hosts. For conditions that cause the operation to fail, see the interoperability matrix below.
CredSSP protocol server
Guest
Households
End
Clients that are not patched and forced to update are vulnerable to * unpatched permission
Block clients that allow forced updates to allow mitigation to allow vulnerable to
Reference to the article:
CredSSP updates for CVE-2018-0886
Windows official Patch download Center
KB4103731-May 8, 2018-Windows 10 Historical updates
Windows 8.1 and Windows Server 2012 R2 update history
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.