Back in March last year, Microsoft said it would deprecate its Remote Desktop Connection Manager (RDCMan) after a security vulnerability was found in the software. However, earlier this year in February, it had a change of heart. Mark Russinovich, CTO of Microsoft Azure and co-creator of the Sysinternals utility suite, confirmed that RDCMan wouldn't be abandoned and that it will now be a part of Sysinternals.

Earlier today, Microsoft also updated its CVE for the security issue found in RDCMan, stating that the problem has been fixed. The vulnerability was assigned the ID CVE-2020-0765 and the latest RDCMan v2.82 addresses the issue. Here's how Microsoft described the vulnerability:

> An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file.
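A defensive check for the XXE issue in RDG parsing that the article describes, as an added example that is not part of the original article or Microsoft's code: it inspects an `.rdg` file for DTD and external entity declarations with Python's expat bindings before the file is opened. The function names, the sample documents (constructed and simplified) and the policy that a legitimate RDG file carries no DOCTYPE are assumptions.

```python
import xml.parsers.expat

def inspect_rdg(data: bytes) -> dict:
    """Report DTD constructs in RDG XML without resolving any entity."""
    findings = {"doctype": False, "external_entities": [], "error": None}
    parser = xml.parsers.expat.ParserCreate()
    # No ExternalEntityRefHandler is set, so expat never fetches external content.

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings["doctype"] = True

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # External entities carry a system or public identifier, not a value.
        if system_id is not None or public_id is not None:
            findings["external_entities"].append((name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings["error"] = str(exc)  # malformed XML is also a reason to reject
    return findings

def safe_to_open(data: bytes) -> bool:
    """Assumed policy: a legitimate RDG file needs no DOCTYPE at all."""
    result = inspect_rdg(data)
    return not result["doctype"] and result["error"] is None

# Constructed, simplified samples (not real RDCMan output).
CLEAN_RDG = b"""<?xml version="1.0" encoding="utf-8"?>
<RDCMan programVersion="2.7" schemaVersion="3">
  <file><properties><name>lab</name></properties></file>
</RDCMan>"""

CRAFTED_RDG = b"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE RDCMan [ <!ENTITY ext SYSTEM "file:///constructed/placeholder.txt"> ]>
<RDCMan programVersion="2.7" schemaVersion="3">
  <file><properties><name>&ext;</name></properties></file>
</RDCMan>"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_RDG), ("crafted", CRAFTED_RDG)):
        print(label, safe_to_open(sample), inspect_rdg(sample))
```

Running the same check over RDG files received by e-mail or from shared folders flags any that declare entities, which matters most on hosts still running an RDCMan release older than v2.82.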