Zoho urges to install patches as soon as possible: hackers already exploit a bug in ManageEngine

Zoho urges install patches soon possible: hackers already exploit bug ManageEngine

The Zoho developers urged their customers to urgently update their Desktop Central and Desktop Central MSP installations to the latest version available. The fact is that a new critical vulnerability in ManageEngine is already under attack.

The vulnerability in question, identified as CVE-2021-44515 , allows attackers to bypass authentication and then execute arbitrary code on unpatched ManageEngine Desktop Central installations (Desktop Central Cloud is not affected by the issue).

To determine if a particular installation has been attacked, it is suggested to use the Zoho Exploit Detection Tool. If signs of a compromise are found, Zoho recommends that you initiate a “password reset for all services, accounts, Active Directory, and so on,” as well as Active Directory administrator passwords.

Edition Bleeping Computer notes that, according to Shodan, the network available to more than 3,200 copies of ManageEngine Desktop Central, running on different ports and vulnerable to attacks.

Catch up on more stories here

Follow us on Facebook here

Leave a Reply