Security News > 2021 > August > Microsoft revives deprecated RDCMan after fixing security flaw
Microsoft has revived the Remote Desktop Connection Manager app that was deprecated last year due to an important severity information disclosure bug the company decided not to fix.
After discontinuing the app, Microsoft advised customers to switch to Windows built-in Remote Desktop Connection or the universal Remote Desktop client.
"An information disclosure vulnerability exists in the Remote Desktop Connection Manager application when it improperly parses XML input containing a reference to an external entity," Microsoft explained in the March 2020 security advisory.
As Microsoft Azure CTO Mark Russinovich revealed earlier this year, the company added RDCMan to the Windows Sysinternals toolkit and released version 2.8 in late June.
While the company didn't share any details on the security flaw addressed in RDCMan 2.8, the patched vulnerability was not the one that led to the app being discontinued last year.
Microsoft disclosed today in an update to the initial security advisory that the flaw was fixed in RDCMan 2.82, released on July 27 through the Sysinternals documentation website.
News URL
Related news
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- Microsoft and Security Incentives (source)