Reply to post:

Microsoft to lock out Windows RDP clients if they are not patched against hijack bug

knelmes

OK, am I being stupid? The change to mitigated will still allow unpatched clients to access RD services. From the table in the documentation, in the row for 'Mitigated':

"Client applications that use CredSSP will not be able to fall back to insecure versions."

"Services that use CredSSP will accept unpatched clients."

So clients won't be able to connect to unpatched servers, right? But servers will still allow unpatched clients unless the server is set to 'Force updated clients'. Which MS aren't planning on doing. Which makes the opening line complete round objects.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon