After dumping the service for having a security vulnerability, Microsoft has revived the RDCMan software in Windows OS.

The Remote Desktop Connection Manager (RDCMan) is used by system admins to securely connect to a remote computer, and manage things. This was abandoned last year since having a security vulnerability that can leak data in transit.

Windows RDCMan is Back

Last year in March, Microsoft announced to deprecate the Remote Desktop Connection Manager (RDCMan) service in Windows due to a security vulnerability it possessed and didnโ€™t care to resolve it.

The vulnerability in RDCMan is about improperly parsing the โ€œXML input containing a reference to an external entityโ€ as Microsoft explained in its security advisory last year.

This allows an attacker who can exploit it successfully to โ€œread arbitrary files via an XML external entity (XXE) declaration.โ€

Tracked as CVE-2020-0765, this vulnerability can let attackers trick the authenticated users into opening RDG files having maliciously crafted XML content in them.

And instead of solving it, Microsoft in whole deprecated the project and advised users to try the Windows built-in Remote Desktop Connection (%windir%\system32\mstsc.exe) or the universal Remote Desktop client.

But now, after a year and a half, the companyโ€™s Azure CTO Mark Russinovich said itโ€™s reviving the RDCMan service once again. This is being added to the Sysinternals earlier this year and is now open for usage.

RDCMan is now revived with v2.8, with patching the vulnerability that Microsoft didnโ€™t talk about in detail now. Yet, it clarified that itโ€™s not the sole cause that made the company abandon the project.

The new RDCMan will now support Windows 8.1 and higher or Windows Server 2012 and higher. Interested users running on prior OS versions should get version 6 of the Terminal Services Client.

LEAVE A REPLY

Please enter your comment!
Please enter your name here