If you do neither, well… Ran into this problem and applied the temp fix. From File Explorer, choose Computer, right-click and select Properties, then click Change Settings, and go to the Remote tab. If both server and client are patched, nothing is needed. The function requested is not supported. So to just prompt and ask if they want to connect to an unpatched server is impossible without revealing the keys to the kingdom.
But for a quick fix, this works. I'm guessing a prior patch caused the problem machine would complain about being out of date, but wouldn't install the Jan patches it said it needed. Additionally, presenting this sort of warning and prompt-to-continue to users is a bit silly because the majority of people will ignore it and do whatever they need to do to connect regardless of the security impact. For instance, we had a Windows 7 machine that hosted Remote Desktop. Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.
The Resolution: You really want to patch the servers so that they have the March patch. All servers were patched with only a few hours of delay. And then patch it to every currently supported version of Windows. But, basically, we can't erase authorship. Inventory is mostly consistent as we always know hosts allocated to a project. Posted an answer on behalf of the question author.
Easiest solution is to connect to the Microsoft store and install the latest version of remote desktop. Microsoft pushed the update of May 2018 to harden the security by making it mandatory for both client and server computers to have the update installed. The recent Windows 10 updates released in May 2018 have introduced some improvements to the security of some protocols, eliminating problems related to known vulnerabilities. Issue does not affect those using remote desktop services to access servers on 2016. The solution is certainly patching the remote Windows. But in this case really mitigation strategy almost takes longer in total more to test, deploy than fix it once.
The function requested is not supported. Otherwise, in the meantime you can apply a Group Policy or registry edit. You can do this either via Group Policy or by changing the registry. I have lowered the security of my station just to connect to that server. I am extremely skeptical of applying updates to my Win2k8R2 servers due to that rebooting bug and I am still not sure if it has been fixed. To allocate machine to user or allocate machine to project so that the machine stays with the same project which as per me has following advantages — 1. You can use group policy or registry to change it back to Vulnerable until you get your systems patched.
My Remote computer is Windows 8. Have you found others who are reporting this? Hope you are able to resolve this and move on. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. However, with the latest update released this May, Microsoft hardened security, and you can no longer connect to machines without the update. From a security standpoint, it won't even let you view the certificate used for secure connections (last time I checked), it also lacks smart-card support, multiple-monitor spanning, drive redirection, and others. You should patch the server-side or ask server administrator to patch it.
Note: This setting should not be deployed until all remote hosts support the newest version. One caveat: All mentioned servers are non-English versions (Dutch) as are all mentioned Windows 10 Pro clients. Those machines are slow to patch because I lost a lot of confidence in Microsoft this first quarter with the Windows 10 problem patches which hit me hard. You can fix this by changing the group policy in the local computer to use the vulnerable setting 1. Windows 10 - 1803 ends in xxx721. However, setting the policy to Vulnerable allows your workstation to now connect to the remote desktop session that was previously blocked by the mitigation. However, the downside of this medicine may exceed the illnesses they are trying to prevent.
I'm using Win 10 Home. So the solution is still to either update your systems or dial back the security and leave your systems vulnerable. It offers extensive information on a series of updates since March 2018. You can do it via group policy or you can do it manually. If you choose not to patch immediately (which is reasonable) then you at least need to track the impact of doing so. Later in April they will make it so that an error message will occur when you attempt to remote from a patched machine to an unpatched machine, and then later in May (tentative at this time) the default will be to enforce that remoting from a patched machine to an unpatched machine will not work. Changing the setting to Vulnerable will allow you to connect to unpatched servers.
It would allow an attacker to relay user credentials to execute code on a target system. I can confirm that if you patch the machine to version 1803 it contains the fix to this. The Group Policy setting you need is Encryption Oracle Remediation. As promised, the May update changed the default to Mitigated. Just note that the first line varies depending on which Windows version you are using, so it might be a good idea to open regedit and export any rule just to see what's in the first line and use the same version in your file. However, if you need to connect to a computer that hasn't received the update, you can downgrade the protection level to Vulnerable. I'd suggest getting the updates and then turning this security setting back on.