Thats it, you should* (see note 4) now have a CVE-2020-0765 patched RDCMan.exeġ) You should still be on the lookout for a RDCMan alternative as this software is no longer maintained and might possibly no longer work with newer versions of RDP or new exploits could emerge.Ģ) This modification is purely for educational purposes, just to see if it could be done easily.ģ) Do this at your own risk, no guarantee is given.Ĥ) It’s a theoretical patch No testing with a malicious RDG file was done.ĥ) Although the Remote Desktop Connection Manager dowload was removed from the Microsoft site, The Wayback Machine still has it. Now we just need to save the changes to RDCMan.exe To save the changes to the RDCMan.exe go to the File menu and click Save Module… Leave options as is and hit OK After which the changes should show up in the main window of dnSpy. ITarian RMM (which is a part of the ITarian offering) allows. Remote Desktop Connection Manager is described as RDCMan manages multiple remote desktop connections.It is useful for managing server labs or large server farms where you need regular access to each machine such as automated checkin systems and data centers and is a Remote Desktop tool in the network & admin category. NET which makes it rather easy to make this modification with a tool like dnSpy Open the treeview to RDCMan\RDCMan.exe\RdcMan\RdgFile\OpenFile(string) : FileGroup Right click the OpenFile(string) method and choose Edit Method (C#) from the popup menu The original unmodified codeĪnd make the following changes Add XmlResolver = null to new XmlDocument and new XmlTextReaderĪfter adding the two XmlResolvers hit the Compile button. Remote Desktop Connection Manager Alternative 1 ITarian RMM (Remote Monitoring and Management). If that doesnt work for you, our users have ranked more than 10 alternatives to Remote Desktop Connection Manager, but unfortunately only two of them are Virtualization Tools. NET applications this can be achieved by setting the XmlResolver on the XmlDocument type to null. The best Virtualization alternative to Remote Desktop Connection Manager is Boxes, which is both free and Open Source. That being said If you want to use RDCMan but can’t because of the vulnerability then you still have the option to fix the issue yourself. RDG configuration file this sort of attack is pointless as someone who can modify that file already has access to the filesystem. Access your work computers from any computer. RDG file that was modified by an attacker which could then expose data via an XML external entity attack. Splashtop Business Access is a remote desktop solution for business professionals and small teams working remotely. The security vulnerabilty in RDCMan isn’t all that bad actually. This update to RDCMan, a utility for managing multiple remote desktop connections, resolves a crash happening on failure to connect to server groups. If you like having multiple connections with group based inheritance (as RDCMan does), you’re out of luck with those alternatives. At the same time Microsoft removed the download from their site pushing people towards the use of MSTSC or Universal Remote Desktop client. On maa security vulnerability was published for Remote Desktop Connection Manager (RDCMan).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |