

Step 2: Give Remote Desktop Manager a Try! Considering the costs of a data breach (and how furious your boss would be), it’s not worth the risk. But now that this bug has been made public, you can be certain that bad actors are mobilizing and will be specifically targeting this vulnerability. Yes, you and your team may have been using it for years. If you’re a current RDCMan user, then the advice is clear: stop using it. And overall, RDCMan - even by Microsoft’s admission - was always a very basic tool and never designed to handle sophisticated functions like utilizing 2FA, managing privileged accounts, securing sensitive data, generating strong passwords, creating audit logs, and so on. Plus, RDCMan only worked in Windows deployments. For example, it lacked many of the time-saving integrations available in other (and better) alternatives.

Here’s what ZDNet said about Microsoft’s response to the problem: “Instead of fixing the bug, Microsoft decided to retire RDCMan, seeing no reason to revive an app that received its last update almost six years ago.”

Limited Functionality

Even before this major vulnerability was discovered, many users found RDCMan frustrating and limited. To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.

Here is the bulletin:

An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. In March, Microsoft announced that it was discontinuing Remote Desktop Connection Manager (RDCMan) due to a major security flaw (CVE-2020-0765).
