Microsoft has this week announced the closure of its Remote Desktop Connection Manager (RDCMan) app. The company says it took the decision following the disclosure of a critical vulnerability in the service.
If you’re unfamiliar with RDCMan, it is an application that gives users the ability to remotely connect from Windows PC to Windows PC using the Remote Desktop Protocol (RDP). It was originally part of the Windows Live Experience and used internally within Microsoft. The tool received a dedicated website for third-parties around 10 years ago.
While it was a standalone tool not bundled with Windows, RDCMan became popular when it was initially released. Not least because it was a functional remote desktop tool that was free. These days, the app is not unique and is aged.
Indeed, Microsoft has not updated the tool since 2014 when version 2.7 was rolled out. Redmond has introduced more robust and well-featured remote desktop tools since the introduction of RDCMan, so it makes sense the app is going away.
The demise of the app took on an air or certainty during March Patch Tuesday this week. Microsoft confirmed a bug report that disclosed a flaw in RDCMan that would allow bad actors to take data from PCs using the tool.
“To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file,” Microsoft said in a security advisory for CVE-2020-0765.
Because of its age and a lack of support, Microsoft decided against patching the vulnerability. Instead, the company decided to discontinue the tool.