
Remote Desktop Connection Manager (RDCMan) is a powerful tool which enables information technology (IT) managers to manage, coordinate and group remote desktop connections through a simplified user interface. RDCMan is an open-source application which can easily be downloaded from the Microsoft site. Remote Desktop Connection Manager is capable of connecting to and running a number of remote desktop software such as Microsoft Windows, Citrix Systems, Mozilla Firefox, Open Office, and others. In order to start using the program, a user will first need to create an administrator password which will be used for connection security between the computers that are sharing the same connection.

An administrator also has the ability to create profiles and to connect to and manage multiple sets of connections at the same time. The main features of Remote Desktop Connection Manager include creation of user profiles, creation and connection of desktops, management and changing of desktop layouts, creation and management of multiple input methods, configuration of automatic redirection of keyboard and mouse events, and access to various device items such as printers, scanners, USB drives, web cameras, and virtualization software. An application that needs to access these types of data will require advanced knowledge of the software and platform on which it requires access to perform these functions.

Here's how Microsoft described the vulnerability:

An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file.


The vulnerability was assigned the ID CVE-2020-0765 and the latest RDCMan v2.82 addresses the issue.

Back in March last year, Microsoft said it will deprecate its Remote Desktop Connection Manager (RDCMan) after a security vulnerability was found in the software. However, earlier this year in February, it had a change of heart. Mark Russinovich, CTO of Microsoft Azure and co-creator of the Sysinternals utility suite, confirmed that RDCMan wouldn't be abandoned and it will now be a part of Sysinternals.

Earlier today, Microsoft also updated its CVE for the security issue found in RDCMan, stating that the problem has been fixed.
