Security News > 2022 > January > Critical ManageEngine Desktop Server Bug Opens Orgs to Malware
A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central MSP platforms could allow authentication bypass, the company has warned.
Zoho's ManageEngine Desktop Central is a unified endpoint management solution that lets IT admins manage servers, laptops, desktops, smartphones and tablets from a central location.
The ability to install a.ZIP file paves the way for the installation of malware on all of the endpoints managed by the Desktop Central instance.
Cybercriminals can simply compromise one MSP's Desktop Central MSP edition and potentially gain access to the customers whose footprints are being managed using it, depending on security measures the provider has put in place.
This played out in September when a critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform was patched; it could allow remote attackers to bypass authentication and have free rein across users' Active Directory and cloud accounts.
That bug could allow remote attackers to override legitimate functions of servers running ManageEngine Desktop Central and to elevate privileges - with an ultimate goal of dropping malware onto organizations' networks.
News URL
https://threatpost.com/critical-manageengine-desktop-server-bug-malware/177705/
Related news
- Docker Desktop blocked on Macs due to false malware alert (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)