Ensure both client & server side have latest patch installed so that RDP can be established in a secure way.
You can find the list of the corresponding KB number for each operating system here: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886
If you cannot RDP to VMs from your patched client, we can consider changing the policy settings on the client to temporarily gain RDP access to the servers. You can change the settings in Local Group Policy Editor. Execute gpedit.msc and browse to Computer Configuration / Administrative Templates / System / Credentials Delegation in the left pane:
Change the Encryption Oracle Remediation policy to Enabled, and Protection Level to Vulnerable:
If it is not possible to access to Local Group Policy Editor on the client (i.e. Windows Home versions), same change can be done through the registry:
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2
Tags: credssp, rdp, windows home
After that, whether the established RDP session is secure or not depends on whether server is patched. Remember to un-do this when all the servers are patched.