Critical ManageEngine Desktop Server Bug Opens Orgs to Malware
2022-01-18 15:44

A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central MSP platforms could allow authentication bypass, the company has warned.

Zoho's ManageEngine Desktop Central is a unified endpoint management solution that lets IT admins manage servers, laptops, desktops, smartphones and tablets from a central location.

The ability to install a .ZIP file paves the way for the installation of malware on all of the endpoints managed by the Desktop Central instance.

Cybercriminals can simply compromise one MSP's Desktop Central MSP edition and potentially gain access to the customers whose footprints are being managed using it, depending on security measures the provider has put in place.

This played out in September when a critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform was patched; it could allow remote attackers to bypass authentication and have free rein across users' Active Directory and cloud accounts.

That bug could allow remote attackers to override legitimate functions of servers running ManageEngine Desktop Central and to elevate privileges - with an ultimate goal of dropping malware onto organizations' networks.


News URL

https://threatpost.com/critical-manageengine-desktop-server-bug-malware/177705/

Related vendor

Last 12M:

| Vendor | #/Products | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|
| Manageengine | 9 | 0 | 3 | 4 | 3 | 10 |