MS KB2871997: Update to Improve Credentials Protection and Management

Nessus Output:

Description
The remote host is missing one or more of the following Microsoft updates: KB2871997, KB2973351, KB2975625, KB2982378, KB2984972, KB2984976, KB2984981, KB2973501, or KB3126593. 
These updates are needed to improve the protection against possible credential theft.
- For Windows 7 / 2008 R2 :
KB2984972, KB2871997, KB2982378, and KB2973351 are required; also, KB2984976 (if KB2592687 is installed) or KB2984981 (if KB2830477 is installed).
- For Windows 8 / 2012 :
KB2973501, KB2871997, and KB2973351 are required.
- For Windows 8.1 / 2012 R2 :
KB2973351 (if Update 1 is installed) or KB2975625 (if Update 1 isn't installed).
These updates provide additional protection for the Local Security Authority (LSA), add a restricted administrative mode for Credential Security Support Provider (CredSSP), introduce support for the protected account-restricted domain user category, enforce stricter authentication policies, add additional protection for users' credentials, and add a restricted administrative mode for Remote Desktop Connection and Remote Desktop Protocol.
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.

Output
A required registry setting is missing:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential = 0
More information: https://blogs.technet.microsoft.com/kfalde/2014/11/01/kb2871997-and-wdigest-part-1/

Manual verification

REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest" /v "UseLogonCredential"

Fix

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest" /f /v "UseLogonCredential" /t REG_DWORD /d 0x0
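
The same check and fix in PowerShell, as an added example that is not part of the Nessus output or the original note. The function name Test-WDigestLogonCredential and the -Remediate switch are hypothetical; an absent value is reported as a finding, matching the plugin output above.

```powershell
# Added example: audit and optionally remediate WDigest UseLogonCredential.
# Test-WDigestLogonCredential and -Remediate are illustrative names.
function Test-WDigestLogonCredential {
    [CmdletBinding()]
    param(
        [switch]$Remediate   # when set, write UseLogonCredential = 0 if the check fails
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $name = 'UseLogonCredential'

    # Read the value without throwing when the key or the value is absent.
    $current = $null
    if (Test-Path -Path $key) {
        $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $current = $item.$name }
    }

    # Nessus flags a missing value as a finding, so "absent" fails like "non-zero".
    $state = if ($null -eq $current) { 'Missing' } elseif ($current -eq 0) { 'Compliant' } else { 'NonCompliant' }

    if ($state -ne 'Compliant' -and $Remediate) {
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # -Force creates the DWORD or overwrites an existing value.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null

        # Read back to confirm the write took effect.
        $current = (Get-ItemProperty -Path $key -Name $name).$name
        $state   = if ($current -eq 0) { 'Remediated' } else { 'RemediationFailed' }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Value        = $current
        State        = $state
    }
}

Test-WDigestLogonCredential                # report only
# Test-WDigestLogonCredential -Remediate   # run elevated to apply the fix
```

The report-only call needs no elevation; writing under HKLM with -Remediate does.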

Fix via Group Policy

Create a Group Policy registry preference:

Or via the Pass the Hash mitigations security templates

You can download the admx files here:
https://blogs.technet.microsoft.com/secguide/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final/

Check via Nessus Auditfile

<custom_item>
 type : REGISTRY_SETTING
 description : "CCE-38444-6:Set 'WDigest Authentication' to 'Disabled'"
 value_type : POLICY_DWORD
 reg_key : "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest"
 reg_item : "UseLogonCredential"
 value_data : 0
 reg_option : CAN_NOT_BE_NULL
</custom_item>
