An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file.

On March 12, 2020, Microsoft didn't recommend uninstalling Remote Desktop Connection Manager (RDCMan), but many admins removed it from their management boxes and resorted to alternatives like mRemoteNG, RD Tabs, RDM and even purely paid solutions like RoyalTS. Their reasoning was that with RDCMan uninstalled, an attacker could no longer trick them into using RDCMan with files that have the *.rdg extension. Version 2.8 of Remote Desktop Connection Manager (RDCMan) is released as part of the Sysinternals suite.
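A pre-open check for the file type described above, added here as an example (not Microsoft's or RDCMan's code): it flags .rdg files that carry a DOCTYPE or an external entity declaration. It assumes that legitimate RDCMan group files contain neither; the function names and the sample documents are constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: a legitimate .rdg file has no DOCTYPE and declares no entities.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
EXTERNAL_ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?:%\s+)?\S+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE
)

def decode_xml(raw: bytes) -> str:
    """Decode by BOM or leading bytes so UTF-16 files are not skipped."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    if raw.startswith(b"<\x00"):          # UTF-16 LE without a BOM
        return raw.decode("utf-16-le", errors="replace")
    if raw.startswith(b"\x00<"):          # UTF-16 BE without a BOM
        return raw.decode("utf-16-be", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def inspect_rdg(raw: bytes) -> list[str]:
    """Return the reasons a file should not be opened; empty means none found."""
    text = decode_xml(raw)
    findings = []
    if DOCTYPE_RE.search(text):
        findings.append("doctype")
    if EXTERNAL_ENTITY_RE.search(text):
        findings.append("external-entity")
    return findings

def scan_tree(root: str) -> dict[str, list[str]]:
    """Inspect every *.rdg file under root and return only the flagged ones."""
    flagged = {}
    for path in Path(root).rglob("*.rdg"):
        findings = inspect_rdg(path.read_bytes())
        if findings:
            flagged[str(path)] = findings
    return flagged

# Constructed samples: a plain group file and one with an external entity
# declaration that points at a placeholder URI.
CLEAN = (b'<?xml version="1.0" encoding="utf-8"?>\n'
         b'<RDCMan programVersion="2.7" schemaVersion="3"><file /></RDCMan>')
SUSPECT = (b'<?xml version="1.0"?>\n'
           b'<!DOCTYPE RDCMan [ <!ENTITY ext SYSTEM "file:///placeholder"> ]>\n'
           b'<RDCMan programVersion="2.7" schemaVersion="3">&ext;</RDCMan>')

if __name__ == "__main__":
    print(inspect_rdg(CLEAN), inspect_rdg(SUSPECT))
```

Run `scan_tree` over a download or share directory before the files reach a management workstation; a byte-level search for `<!ENTITY` alone would miss the UTF-16 case that `decode_xml` handles.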