![]() ![]() An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. ![]() Here's how Microsoft described the vulnerability:Īn information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. The vulnerability was assigned the ID CVE-2020-0765 and the latest RDCMan v2.82 addresses the issue. Mark Russinovich, CTO of Microsoft Azure and co-creator of the Sysinternals utility suite, confirmed that RDCMan wouldn't be abandoned and it will now be a part of Sysinternals.Įarlier today, Microsoft also updated its CVE for the security issue found in RDCMan, stating that the problem has been fixed. ![]() However, earlier this year in February, it had a change of heart. Back in March last year, Microsoft said it will deprecate its Remote Desktop Connection Manager (RDCMan) after a security vulnerability was found in the software. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |