Disable RC4 Cipher Suites on Windows Remote Desktop (RDP)

Recently, I was scanning a Windows system with Nessus (a vulnerability scanner), and Nessus reported a vulnerability in Windows Remote Desktop SSL. The Nessus advisory suggested disabling the RC4 cipher suites on RDP.

To fix this vulnerability, add the following keys to your registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000



Once applied, restart your system and re-run the Nessus scan.
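The same three values can be audited and set from PowerShell, which is useful for confirming the change before re-scanning. This is an added example, not part of the original post; the `-Apply` switch and the variable names are assumptions of this example. It uses the .NET registry API because the PowerShell registry provider treats the "/" in names such as "RC4 128/128" as a path separator and would create the wrong keys.

```powershell
# Audit (default) or set (-Apply, from an elevated prompt) the SCHANNEL
# RC4 cipher keys listed in the .reg file above.
param([switch]$Apply)

$base    = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$ciphers = 'RC4 128/128', 'RC4 40/128', 'RC4 56/128'
$hklm    = [Microsoft.Win32.Registry]::LocalMachine

$results = foreach ($name in $ciphers) {
    $path = "$base\$name"

    if ($Apply) {
        # CreateSubKey splits only on "\", so the "/" stays inside the key name.
        $key = $hklm.CreateSubKey($path)
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        $key.Close()
    }

    # Read the value back (read-only open; returns $null if the key is absent).
    $key   = $hklm.OpenSubKey($path)
    $value = if ($key) { $key.GetValue('Enabled') } else { $null }
    if ($key) { $key.Close() }

    [pscustomobject]@{
        Cipher   = $name
        Enabled  = if ($null -eq $value) { '(not set)' } else { '0x{0:X8}' -f $value }
        Disabled = ($value -eq 0)
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a deployment or compliance job flag the host.
if ($results.Disabled -contains $false) {
    Write-Warning 'At least one RC4 cipher key is not set to Enabled=0.'
    exit 1
}
Write-Output 'All three RC4 cipher keys are set to Enabled=0. Restart for the change to take effect.'
```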
