To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. But there is no restriction on using RDCMan, which can be used to connect to remote Windows servers or VMs easily. RDCMan is the only other similar tool I've used (outside of Windows Remote Desktop Connection). Recently Microsoft, the creator of RDCMan, has promoted using Windows Virtual Desktop or MSTSC instead of RDCMan. Here's how Microsoft described the vulnerability: An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. There is a native solution provided by Microsoft named Remote Desktop Connection Manager or RDCMan. Microsoft took RDCMan off the market in 2020 because of security flaws, but it is back now as part of SysInternals. This tool consolidates them into groups and thus allows settings and actions to be applied to a collection of hosts. The vulnerability was assigned the ID CVE-2020-0765 and the latest RDCMan v2.82 addresses the issue. RDCMan is for users who need to manage many RDP connections. The version we used back then (version 2.7. It was available as a free download until March 2020 when a critical vulnerability (CVE-2020-0765) was found in the program. Mark Russinovich, CTO of Microsoft Azure and co-creator of the Sysinternals utility suite, confirmed that RDCMan wouldn't be abandoned and it will now be a part of Sysinternals. Earlier today, Microsoft also updated its CVE for the security issue found in RDCMan, stating that the problem has been fixed.
If you’ve ever used the Remote Desktop Connection Manager (RDCMan), you might be familiar with how obnoxious it can be trying to configure groups and servers manually. RDCMan used to be a popular tool to collect, categorize and use multiple remote desktop connections in Microsoft-oriented networks. However, earlier this year in February, it had a change of heart. Back in March last year, Microsoft said it will deprecate its Remote Desktop Connection Manager (RDCMan) after a security vulnerability was found in the software.