In March, Microsoft announced that it was discontinuing Remote Desktop Connection Manager (RDCMan) due to a major security flaw (CVE-2020-0765). Here is the bulletin:

An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file.

Here’s what ZDNet said about Microsoft’s response to the problem: “Instead of fixing the bug, Microsoft decided to retire RDCMan, seeing no reason to revive an app that received its last update almost six years ago.”
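The bulletin above says the flaw is triggered by an RDG file whose XML declares an external entity. As an added example (not code from Microsoft or from this post), the Python sketch below flags `.rdg` files that carry a DOCTYPE or entity declaration so they can be reviewed before anyone opens them. It assumes that a normal RDG file contains no DTD at all; the function names and sample data are constructed for illustration.

```python
import codecs
import re
from pathlib import Path

# Constructed samples, not real RDG files; the entity URI is a placeholder.
CLEAN_RDG = b'<?xml version="1.0" encoding="utf-8"?>\n<RDCMan><file/></RDCMan>'
SUSPECT_RDG = ('<?xml version="1.0"?>\n'
               '<!DOCTYPE RDCMan [ <!ENTITY ext SYSTEM "file:///PLACEHOLDER"> ]>\n'
               '<RDCMan><file><name>&ext;</name></file></RDCMan>')

BOMS = ((codecs.BOM_UTF8, "utf-8"), (codecs.BOM_UTF16_LE, "utf-16-le"),
        (codecs.BOM_UTF16_BE, "utf-16-be"))
DOCTYPE = re.compile(r"<!DOCTYPE\b", re.I)
# group 1: '%' marks a parameter entity, group 2: name, group 3: external id
ENTITY = re.compile(r"<!ENTITY\s+(%\s*)?([^\s>]+)\s+(SYSTEM|PUBLIC)?", re.I)

def decode_xml(data: bytes) -> str:
    """Decode by BOM, so a UTF-16 file cannot slip past a byte-level match."""
    for bom, enc in BOMS:
        if data.startswith(bom):
            return data[len(bom):].decode(enc, errors="replace")
    if data[:2] == b"<\x00":      # UTF-16 little-endian without a BOM
        return data.decode("utf-16-le", errors="replace")
    if data[:2] == b"\x00<":      # UTF-16 big-endian without a BOM
        return data.decode("utf-16-be", errors="replace")
    return data.decode("utf-8", errors="replace")

def scan_rdg(data: bytes) -> list[str]:
    """Return findings for one file; an empty list means no DTD was seen."""
    text = decode_xml(data)
    findings = ["doctype"] if DOCTYPE.search(text) else []
    for m in ENTITY.finditer(text):
        kind = "external" if m.group(3) else "internal"
        if m.group(1):
            kind = "parameter-" + kind
        findings.append(f"{kind}-entity:{m.group(2)}")
    return findings

def scan_tree(root: str) -> dict[str, list[str]]:
    """Scan every *.rdg file under root (extension matched case-insensitively)."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".rdg":
            found = scan_rdg(path.read_bytes())
            if found:
                hits[str(path)] = found
    return hits

if __name__ == "__main__":
    print(scan_rdg(CLEAN_RDG), scan_rdg(SUSPECT_RDG.encode("utf-8")))
```

The match is deliberately conservative: a declaration inside a comment is also reported, which is acceptable for a file type that should contain none.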

Limited Functionality

Even before this major vulnerability was discovered, many users found RDCMan frustrating and limited. For example, it lacked many of the time-saving integrations available in other (and better) alternatives. Plus, RDCMan only worked in Windows deployments. And overall, RDCMan — even by Microsoft’s admission — was always a very basic tool and never designed to handle sophisticated functions like utilizing 2FA, managing privileged accounts, securing sensitive data, generating strong passwords, creating audit logs, and so on.

Step 1: Stop Using RDCMan

If you’re a current RDCMan user, then the advice is clear: stop using it. Yes, you and your team may have been using it for years. But now that this bug has been made public, you can be certain that bad actors are mobilizing and will be specifically targeting this vulnerability. Considering the costs of a data breach (and how furious your boss would be), it’s not worth the risk.

Step 2: Give Remote Desktop Manager a Try!

If you’re looking for a free alternative to RDCMan, then Remote Desktop Manager (RDM) Free could be exactly what you need. RDM Free is designed for individual IT pros, while RDM Enterprise is designed for IT teams (co-located and remote) who need to share remote connections and privileged passwords. Here is a side-by-side comparison of the two solutions. Also, be assured that RDM Free is not nagware, donationware, or trialware. It’s a legitimate, standalone solution for IT pros that is constantly being updated.

Interested in trying RDM, but don’t want to lose your data? Good news! You can import your sessions from an existing application or an existing file format by following the online help.