Comprehensive software reviews to make better IT decisions
ManageEngine Desktop Central Remote Code Execution Vulnerability
A remote code execution vulnerability in ManageEngine Desktop Central, with a CVSS score of 9.8, was recently discovered by a third party. To address this gap, ManageEngine has released an update.
ManageEngine Desktop Central is an on-premises application that helps organizations manage desktops and mobile devices.
“Desktop Central is a unified endpoint management solution that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location.”
Source: ManageEngine Desktop Central product information page
The reported vulnerability allows a remote attacker to execute arbitrary code on the target system. As a preliminary stop-gap measure, ManageEngine released a temporary fix in build 10.0.474 on January 20, 2020, followed by a permanent fix in build 10.0.479 released on March 7, 2020.
We strongly recommend that all ManageEngine Desktop Central administrators install this update as soon as possible, to minimize susceptibility to remote attacks.
The threat of remote code execution is one that should always be taken seriously. In the case of ManageEngine Desktop Central, the urgency is even more severe: as a unified endpoint management solution, Desktop Central has the ability to push out and install software onto endpoint devices. In the event that the service is compromised, a hacker can essentially propagate malware to the target systems, further wreaking havoc. Proactivity breeds prevention; it is imperative for organizations to be aware of potential vulnerabilities even after remedial updates have been released.
Want to Know More?
Microsoft combined the Windows 10 and Surface teams under Panos Panay. Expect greater innovations to Windows 10, headaches in IT, and feature exclusivity in Microsoft Endpoint Manager.
Ivanti Changes Direction: It Has Installed New Leadership With Experience in Enterprise Software, Mergers & Acquisitions
Clearlake Capital is shaking up Ivanti’s leadership. Expect greater focus on efficiency and acquisitions beyond ITSM and IT operations.
Microsoft Endpoint Manager Combines ConfigMgr and Intune, Helping IT Adapt to the World of Mobile Work
Configuration Manager (ConfigMgr) is leaving System Center and joining Intune under the Microsoft Endpoint Manager (MEM) portfolio. It’ll take years to stop writing SCCM, but co-management is an exciting feature.
VMware and Citrix are promoting their flagship digital workspaces to CIOs as a way to improve employee engagement. If you implement them without stakeholder involvement, or adequate resourcing, it will backfire.
Google gives enterprise IT departments different Chrome OS management approaches. Pilot each; don’t just use the most familiar one to you.
IBM is divesting BigFix, Domino, Notes, and other software lines to HCL. It’s not a reason to jump ship, but do a muster drill to be safe.
Cisco unveiled three AI features for its Unified Contact Center Enterprise and Unified Contact Center Express at Enterprise Connect 2019. These features should help, but don’t replace your agents with bots anytime soon.
Jamf has had a busy year improving and expanding its product. It’s convincing many organizations to avoid the siren song of unified endpoint management.
The new Microsoft Unified Support model is still in beta phase, aiming for a global rollout by the end of Microsoft’s fiscal year 2019. Its aim is moving towards providing support for organizations adding cloud products to their Microsoft volume licensing agreements but maintains support for historical on-premises and legacy products. Prices could rise for current customers by up to 30%.