AnsweredAssumed Answered

     Microsoft Windows CredSSP updates for March 2018

Question asked by adamc on May 23, 2018
Latest reply on Jun 25, 2018 by William Tulaba

QID: 91438
CVE ID: CVE-2018-0886
Vendor Reference: CVE-2018-0886, KB4093492


At this time one of the detection logic items looks for:

KB4093492 settings has not been applied on the target:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters AllowEncryptionOracle is missing.


I have opened a case with Qualys to validate this logic.  Per Microsoft, this registry configuration is not required if the end point has installed the May patch.  The May patch puts implements functionality of CredSSP in a default state that is no longer vulnerable.  The registry configuration is only required if you desire to alter the default state after the May patch is installed.  


This should aid in preventing others from making unnecessary efforts to manual implement registry changes that are not needed.  Qualys needs to update their detection logic.