If you cannot RDP to VMs from your patched client, we can consider changing the policy settings on the client to temporarily gain RDP access to the servers. You can change the settings in Local Group Policy Editor. Execute gpedit.msc and browse to Computer Configuration / Administrative Templates / System / Credentials Delegation in the left pane:
Change the Encryption Oracle Remediation policy to Enabled, and Protection Level to Vulnerable:
Mitigation 2
If it is not possible to access to Local Group Policy Editor on the client (i.e. Windows Home versions), same change can be done through the registry:
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2
After that, whether the established RDP session is secure or not depends on whether server is patched. Remember to un-do this when all the servers are patched.
