CVE ID: CVE-2018-0886
Vendor Reference: CVE-2018-0886, KB4093492
At this time one of the detection logic items looks for:
KB4093492 settings has not been applied on the target:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters AllowEncryptionOracle is missing.
I have opened a case with Qualys to validate this logic. Per Microsoft, this registry configuration is not required if the endpoint has installed the May patch. The May patch puts the functionality of CredSSP in a default state that is no longer vulnerable. The registry configuration is only required if you desire to alter the default state after the May patch is installed.
This should aid in preventing others from making unnecessary efforts to manually implement registry changes that are not needed. Qualys needs to update their detection logic.
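
A check that combines patch state with the registry value, so that a missing `AllowEncryptionOracle` on a patched host is not reported, could look like the following. This is an added example, not part of the original post and not Qualys's detection logic. The function names and the `-MayUpdateInstalled` input are assumptions, and the value meanings (0, 1, 2) follow Microsoft's KB4093492 guidance.

```powershell
# Added example: CredSSP (CVE-2018-0886) check that does not flag a missing
# registry value on a host that already has the May update.
param(
    # Assumption: patch state comes from your own patch inventory, not from this script.
    [Parameter(Mandatory)][bool]$MayUpdateInstalled
)

$KeyPath   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$ValueName = 'AllowEncryptionOracle'

function Get-OracleSetting {
    # Returns the DWORD, or $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Resolve-CredSspFinding {
    param([bool]$Patched, $Setting)

    if (-not $Patched) {
        # Without the update, the registry value alone cannot make the host safe.
        return [pscustomobject]@{ Finding = $true;  Reason = 'May update not installed; patch first' }
    }
    if ($null -eq $Setting) {
        # The case from the post: patched host, no override, patched default applies.
        return [pscustomobject]@{ Finding = $false; Reason = 'Patched; value absent, patched default applies' }
    }
    switch ($Setting) {
        0 { return [pscustomobject]@{ Finding = $false; Reason = 'Patched; set to 0 (Force Updated Clients)' } }
        1 { return [pscustomobject]@{ Finding = $false; Reason = 'Patched; set to 1 (Mitigated)' } }
        2 { return [pscustomobject]@{ Finding = $true;  Reason = 'Patched, but set to 2 (Vulnerable)' } }
        default { return [pscustomobject]@{ Finding = $true; Reason = "Unexpected value $Setting; review" } }
    }
}

Resolve-CredSspFinding -Patched $MayUpdateInstalled -Setting (Get-OracleSetting)
```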