Remote Desktop Connection Manager is back after receiving important security update

Microsoft building logo

Last year, Microsoft issued advice to stop using Remote Desktop Connection Manager (RDCMan) and turn to either Remote Desktop Connection or a universal Remote Desktop client instead.

The advice came after Microsoft deprecated RDCMan following the discovery of a serious security vulnerability which the company had said would not be fixed. But having been made part of the Windows Sysinternals tools collection, a fix has now been issued meaning that RDCMan is now safe to use once again.

See also:

The information disclosure vulnerability, tracked as CVE-2020-0765, bore the following description: "An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration".

Microsoft points out that in order to exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file.

In addition to this, the company said:

Microsoft is not planning on fixing this vulnerability in RDCMan and has deprecated the application. Microsoft recommends using supported Remote Desktop clients and exercising caution when opening RDCMan configuration files (.rdg).

But now an update has been posted which informs users that:

RDCMan 2.82 is available through Sysinternals Remote Desktop Connection Manager - Windows Sysinternals | Microsoft Docs. This vulnerability has been addressed in this new version.

Image credit: Eric Glenn / Shutterstock

Comments are closed.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.