Microsoft Docsīut in February of 2021, almost an year after the news of deprecation, Mark Russinovich had something positive to share. Microsoft disclosed today in an update to the initial security advisory that the flaw was fixed in RDCMan 2. This version, released as part of the SysInternals suite, solves a critical vulnerability and allows admins in Microsoft-oriented networks to enjoy remote desktop connections again (relatively) safely. ago Alternatively, change the Display Settings at the parent level (at the top of the tree of a group) to 'Scale Remote Desktop' for both docked and undocked. In the future, you can expect even more capabilities, such as the ability to better manage multiple connections. Microsoft released a new version of Remote Desktop Connection Manager (RDCMan) this week. Go to Edit -> Properties -> Remote Desktop Settings. These clients offer increased security, and they are a key part of our engineering roadmap moving forward. Instead, we have two great supported client options: Remote Desktop Connection and Universal Client for Windows 10. However, RDCMan has not kept pace with the level of advanced technology that we’re pursuing. Default location: C:Program Files (x86)MicrosoftRemote Desktop Connection ManagerRDCMan. RDCMan is a client that is widely used to manage multiple remote desktop connections because it’s a convenient option. It never seemed very likely to return as Microsoft also started pushing for the native Remote Desktop Connection application (MSTSC) and the Microsoft Store Universal application. To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. files used with Remote Desktop Connection Manager (RDCMan) from the SysInternals Suite. The Executive Summary on the vulnerability assessment page said the following:Īn information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. Remote Desktop Connection Manager has undocumented plugin support. This is just a short blog post to celebrate the comeback of a well known Remote Desktop management software, RDCMan.īack in March 2020, the Microsoft Remote Desktop Connection Manager (RDCMan) got deprecated due to security issues.
0 Comments
Leave a Reply. |