Comprehensive software reviews to make better IT decisions
ManageEngine Desktop Central Remote Code Execution Vulnerability
A remote code execution vulnerability in ManageEngine Desktop Central, with a CVSS score of 9.8, was recently discovered by a third party. To address this gap, ManageEngine has released an update.
ManageEngine Desktop Central is an on-premises application that helps organizations manage desktops and mobile devices.
“Desktop Central is a unified endpoint management solution that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location.”
Source: ManageEngine Desktop Central product information page
The reported vulnerability allows a remote attacker to execute arbitrary code on the target system. As a preliminary stop-gap measure, ManageEngine released a temporary fix in build 10.0.474 on January 20, 2020, followed by a permanent fix in build 10.0.479 released on March 7, 2020.
Source: ManageEngine Desktop Central remote code execution vulnerability (CVE-2020-10189), March 2020
We strongly recommend that all ManageEngine Desktop Central administrators install this update as soon as possible, to minimize susceptibility to remote attacks.
The threat of remote code execution is one that should always be taken seriously. In the case of ManageEngine Desktop Central, the urgency is even more severe: as a unified endpoint management solution, Desktop Central has the ability to push out and install software onto endpoint devices. In the event that the service is compromised, a hacker can essentially propagate malware to the target systems, further wreaking havoc. Proactivity breeds prevention; it is imperative for organizations to be aware of potential vulnerabilities even after remedial updates have been released.
Want to Know More?
Eplore Your Options for Managing Chromebooks
Develop and Implement a Security Incident Management Program
Expect Windows 10 Innovations to Surface From Microsoft’s Re-Org
Microsoft combined the Windows 10 and Surface teams under Panos Panay. Expect greater innovations to Windows 10, headaches in IT, and feature exclusivity in Microsoft Endpoint Manager.
Ivanti Changes Direction: It Has Installed New Leadership With Experience in Enterprise Software, Mergers & Acquisitions
Clearlake Capital is shaking up Ivanti’s leadership. Expect greater focus on efficiency and acquisitions beyond ITSM and IT operations.
Microsoft Endpoint Manager Combines ConfigMgr and Intune, Helping IT Adapt to the World of Mobile Work
Configuration Manager (ConfigMgr) is leaving System Center and joining Intune under the Microsoft Endpoint Manager (MEM) portfolio. It’ll take years to stop writing SCCM, but co-management is an exciting feature.
It Takes an Enterprise to Raise a Digital Workspace
VMware and Citrix are promoting their flagship digital workspaces to CIOs as a way to improve employee engagement. If you implement them without stakeholder involvement, or adequate resourcing, it will backfire.
Explore Your Options for Managing Chromebooks
Google gives enterprise IT departments different Chrome OS management approaches. Pilot each; don’t just use the most familiar one to you.
How BigFix Administrators Need to Prepare for the Divestiture
IBM is divesting BigFix, Domino, Notes, and other software lines to HCL. It’s not a reason to jump ship, but do a muster drill to be safe.
Cisco Is Bringing Cognitive Collaboration to the Contact Center
Cisco unveiled three AI features for its Unified Contact Center Enterprise and Unified Contact Center Express at Enterprise Connect 2019. These features should help, but don’t replace your agents with bots anytime soon.
Jamf's Year of Subverting Unified Endpoint Management
Jamf has had a busy year improving and expanding its product. It’s convincing many organizations to avoid the siren song of unified endpoint management.
Microsoft’s Change From Premier to Unified Support May Cost Organizations Up to 30% More
The new Microsoft Unified Support model is still in beta phase, aiming for a global rollout by the end of Microsoft’s fiscal year 2019. Its aim is moving towards providing support for organizations adding cloud products to their Microsoft volume licensing agreements but maintains support for historical on-premises and legacy products. Prices could rise for current customers by up to 30%.