Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7
Fixed In:
14.1.0, 14.0.0, 13.1.0.8
Opened: Apr 11, 2018
Severity: 3-Major
To address a vulnerability in its CredSSP implementation, Microsoft released a set of updates for all versions of Windows (https://aka.ms/credssp). Although the APM implementation is not affected by this vulnerability, the Microsoft Windows Server fix introduces compatibility issues. The update adds a new Group Policy, 'Encryption Oracle Remediation', which, if set to 'Force Updated Clients' on the server, might break SSO for APM's native RDP resources.
SSO for native RDP resources does not work.
-- RDP server has https://aka.ms/credssp update installed.
-- 'Encryption Oracle Remediation' Group Policy on the RDP server is set to 'Force Updated Clients'.
Set 'Encryption Oracle Remediation' Group Policy on the RDP server to 'Mitigated'.
SSO for native RDP resources is now compatible with the 'Force Updated Clients' setting of 'Encryption Oracle Remediation' Group Policy.