Secure your Desktop Central server from unauthenticated access!
Dear Customer's, At ManageEngine, we consider security as our top priority. That’s why we bring it to your immediate attention, that some versions of Desktop Central Server instances that were hosted as edge devices with weak password policies might be compromised (reported by BleepingComputer). A cyberthreat actor has claimed that the Desktop Central servers hosted as edge devices (publicly accessible) that do not have two-factor authentication enabled and use the default credentials to authenticate
[Free training webinars]: Overcome complex application performance hurdles with ease!
A conventional business infrastructure is bound to have a substantial amount of performance disruptions on a regular basis from time to time. However, there are instances where even the minuscule of issues might get overlooked, but are intricate enough
Password Manager Pro new build 11001
Hi, Password Manager Pro 11001 has been released and is now available for download. This is a minor release with a few important security fixes, and a bug fix related to the Ticketing system. For detailed information, please see our Release Notes of this upgrade pack (build 11001). How to Upgrade to Build 11001? If you are an existing customer of Password Manager Pro, download the upgrade pack from the following page: https://www.manageengine.com/products/passwordmanagerpro/upgradepack.html
Firefox 81 and Firefox ESR 78.3 patches high severity vulnerabilities
Mozilla patched high-severity vulnerabilities with the release of Firefox 81 and Firefox ESR 78.3. The CVE IDs addressed in the latest version are as follows: CVE ID Description Severity CVE-2020-15677 Download origin spoofing via redirect Moderate CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element Moderate CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
Firefox 81 and Firefox ESR 78.3 patches high severity vulnerabilities
Mozilla patched high-severity vulnerabilities with the release of Firefox 81 and Firefox ESR 78.3. The CVE IDs addressed in the latest version are as follows: CVE ID Description Severity CVE-2020-15677 Download origin spoofing via redirect Moderate CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element Moderate CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
Firefox 81 and Firefox ESR 78.3 patches high severity vulnerabilities
Mozilla patched high-severity vulnerabilities with the release of Firefox 81 and Firefox ESR 78.3. The CVE IDs addressed in the latest version are as follows: CVE ID Description Severity CVE-2020-15677 Download origin spoofing via redirect Moderate CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element Moderate CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
CISA's Emergency Directive 20-04 mandates federal agencies to mitigate CVE-2020-1472 (Netlogon Elevation of Privilege Vulnerability)
This advisory applies to: All Federal Executive Branch Departments and Agencies, Except for the Department of Defense, Central Intelligence Agency, and Office of the Director of National Intelligence. On August 11, 2020, Microsoft issued a security update to mitigate CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability in Windows Server operating systems. This vulnerability exists within the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), an interface used for user and machine authentication
CISA's Emergency Directive 20-04 mandates federal agencies to mitigate CVE-2020-1472 (Netlogon Elevation of Privilege Vulnerability)
This advisory applies to: All Federal Executive Branch Departments and Agencies, Except for the Department of Defense, Central Intelligence Agency, and Office of the Director of National Intelligence. On August 11, 2020, Microsoft issued a security update to mitigate CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability in Windows Server operating systems. This vulnerability exists within the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), an interface used for user and machine authentication
CISA's Emergency Directive 20-04 mandates federal agencies to mitigate CVE-2020-1472 (Netlogon Elevation of Privilege Vulnerability)
This advisory applies to: All Federal Executive Branch Departments and Agencies, Except for the Department of Defense, Central Intelligence Agency, and Office of the Director of National Intelligence. On August 11, 2020, Microsoft issued a security update to mitigate CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability in Windows Server operating systems. This vulnerability exists within the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), an interface used for user and machine authentication
Google Chrome releases stable channel update 85.0.4183.121
Hello folks, Google Chrome has recently updated the stable channel to 85.0.4183.121. The CVE IDs addressed in the latest version and their corresponding severity are as follows: CVE-2020-15960 - High CVE-2020-15961 - High CVE-2020-15962 - High CVE-2020-15963 - High CVE-2020-15965 - High CVE-2020-15966 - Medium CVE-2020-15964 - Low Desktop Central now supports patches to address the aforementioned CVEs and update Google Chrome to the latest version 85.0.4183.121 for Windows, Mac, and Linux.
Google Chrome releases stable channel update 85.0.4183.121
Hello folks, Google Chrome has recently updated the stable channel to 85.0.4183.121. The CVE IDs addressed in the latest version and their corresponding severity are as follows: CVE-2020-15960 - High CVE-2020-15961 - High CVE-2020-15962 - High CVE-2020-15963 - High CVE-2020-15965 - High CVE-2020-15966 - Medium CVE-2020-15964 - Low Patch Manager Plus now supports patches to address the aforementioned CVEs and update Google Chrome to the latest version 85.0.4183.121 for Windows, Mac, and Linux.
Google Chrome releases stable channel update 85.0.4183.121
Hello folks, Google Chrome has recently updated the stable channel to 85.0.4183.121. The CVE IDs addressed in the latest version and their corresponding severity are as follows: CVE-2020-15960 - High CVE-2020-15961 - High CVE-2020-15962 - High CVE-2020-15963 - High CVE-2020-15965 - High CVE-2020-15966 - Medium CVE-2020-15964 - Low Vulnerability Manager Plus now supports patches to address the aforementioned CVEs and update Google Chrome to the latest version 85.0.4183.121 for Windows, Mac,
M365 Security Plus - Fixes and Enhancements [2021]
O365 Manager Plus Release Notes Release Notes for build 4500 - Dec 31, 2021 Issue fixed: To prevent Log4j vulnerability (CVE-2021-45105) we have upgraded Apache Log4j version 2.16 to 2.17. Release Notes for build 4425 - Dec 16, 2021 Enhancement: Enhanced
The launch of ServiceDesk Plus' new UI is right around the corner
Hi there! After a successful beta test, ServiceDesk Plus' revamped user interface is all set to launch for a global audience very soon. We are very excited to bring you this latest update. To ensure that you and your team have a smooth switchover to the new UI, the first session of the Masterclass advanced series will be focus on the new user experience where our product experts will take a deep dive, demonstrating the improved interface and the new functionalities. Webinar details: Masterclass
ServiceDesk Plus Cloud - Custom Apps[Add On] Scheduled downtime for EU users on September 27th, 2020
Dear Customers, This downtime announcement is specific to ServiceDesk Plus Cloud users/organisations signed up in EU and for those who have enabled "Custom Apps" add-on. During this downtime, add-on "Custom Apps" in ServiceDesk Plus Cloud application alone won't be accessible and all other features & functionalities of the helpdesk will be accessible and work as intended We want to make you aware that we've scheduled a maintenance activity at our EU data centers on Sunday, September 27th, 2020, from
Next Release : Enhancements in Maintenance(new tab), Problem and Developer Space
Dear Users, We are planning for the next release with enhancements in Maintenance(new tab), Problem and Developer Space. Below is brief details on the features : Maintenance Module Preventive Maintenance Tasks are now converted as Maintenance module from where you can schedule and manage maintenance activities. Once a maintenance is scheduled, it will be executed as auto-generated requests to ensure smooth operating efficiency. The requests can be generated daily, weekly, monthly, periodically or
[Tips & Tricks] Populate Department name based on selected User name
Scenario: A particular incident template has 2 additional fields "User name" and "Department name". When users submit a ticket with this specific template, while typing the name ( on the user name additional field), it should populate the appropriate user names list within the ServiceDesk Plus. On selecting a user name, ServiceDesk Plus should automatically populate the selected user's department on the department name field. Solution: Create a new 'Single Line' additional fields for "UserField"
[Tips & Tricks] Auto-approving a change
Hello folks, A change is to control risk and minimize disruption to associated IT services and business operations, consequently ensuring that the best possible levels of service quality and availability are maintained. A major change that can have a medium to high impact on business operations and may have financial implications that always requires CAB approval, as well as management approval. Whereas, changes like patch deployment or OS upgrade that occur routinely and have low impact, less risky
Authorization Warning : on accessing view solution from Self Service Portal
If you happened to come across situations, where users are unable to access "I am looking for a Solution" from their Self Service Portal, even though they have access to the solutions tab. Then this article is for you. Behavior Change: 11118 SD-89683: If any custom widget is configured with the '/SolutionsHome.do' URL, then the operation param '/SolutionsHome.do?action=view' must be included in the URL, or else an error message mentioning "you are not authorized" will be thrown. Solution: (Applicable
ServiceDesk Plus MSP - version 10.5 - Build - 10511 Released
Dear User(s) We released ServiceDesk Plus MSP - version 10.5 - Build - 10511. Please refer to the Migration path table available here and upgrade to our latest build 10511. Enhancements : SDPMSP-15210: You can now restrict Account Managers and Point Of Contacts from creating public reports. SDPMSP-15269: SDAmins can now access restricted APIs on read-only mode. SDPMSP-15286: You can now configure the mail server with Modern Authentication (OAuth 2.0) for secure and delegated access. Refer
Supportcenter Plus 11.0 Iphone and Android Apps Released
Dear Users Greetings for the day. With the continuation of the Supportcenter Plus 11.0 release, we are working on several tasks to make our users feel better, implementing useful functionalities , better user experience, and more. This time, We are happy to announce the official launch of SupportCenter Plus 11.0 version compatible iPhone and Android Apps, an app that helps businesses deal with customer support on the go, making it a hassle-free experience with a straightforward approach. Why use
Patch Tuesday September 2020 - Supported updates
Hello there, Below is the breakdown of all the updates released in September 2020 Patch Tuesday. New Security Bulletins : 2020-09 Security Monthly Quality Rollup for Windows Server 2008 Systems (KB4577064) (ESU) - Not Supported 2020-09 Security Only Quality Update for Windows Server 2008 Systems (KB4577070) (ESU) 2020-09 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 Systems (KB4577053) (ESU) 2020-09 Security Only Quality Update for Windows Server 2012 Systems (KB4577048) 2020-09
Patch Tuesday September 2020 - Supported updates
Hello there, Below is the breakdown of all the updates released in September 2020 Patch Tuesday. New Security Bulletins : 2020-09 Security Monthly Quality Rollup for Windows Server 2008 Systems (KB4577064) (ESU) - Not Supported 2020-09 Security Only Quality Update for Windows Server 2008 Systems (KB4577070) (ESU) 2020-09 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 Systems (KB4577053) (ESU) 2020-09 Security Only Quality Update for Windows Server 2012 Systems (KB4577048) 2020-09
Patch Tuesday September 2020 - Supported updates
Hello there, Below is the breakdown of all the updates released in September 2020 Patch Tuesday. New Security Bulletins : 2020-09 Security Monthly Quality Rollup for Windows Server 2008 Systems (KB4577064) (ESU) - Not Supported 2020-09 Security Only Quality Update for Windows Server 2008 Systems (KB4577070) (ESU) 2020-09 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 Systems (KB4577053) (ESU) 2020-09 Security Only Quality Update for Windows Server 2012 Systems (KB4577048) 2020-09
[Community Digest] ServiceDesk Plus - August 2020
Here is your ServiceDesk Plus Monthly Summary for August 2020! Service Packs: A total of three service packs (11123,11124,11125) with numerous features and issue fixes have been released. Please refer to our ReadME article for complete details. Behavior Changes introduced with these service packs: When a technician whose login is disabled is re-imported via Active Directory, the login permissions will remain disabled. The default custom view for requests is now set to 'My Pending Requests' for requester
[DidYouKnow-41] Glowroot bundled with ServiceDesk Plus
Introduction: Glowroot is a simple APM (Application Performance Monitoring) tool useful for monitoring Java-based applications. It has a feature which allows tracing for slow requests and errors, it is also possible, logging trace time for every user action within the ServiceDesk Plus. https://glowroot.org/ Glowroot is now bundled with ServiceDesk Plus and available from 11124 builds onwards. Note: This tool is not enabled by default and need not be enabled until explicitly told so for performance
Password Manager Pro new build 11000
Hi, Password Manager Pro 11000 has been released and is now available for download. This release comes with numerous new features and enhancements with respect to Certificates and Keys. Please see our Release Notes to learn in detail about the enhancements included in this upgrade pack (build 11000). How to Upgrade to Build 11000? If you are an existing customer of Password Manager Pro, download the upgrade pack from the following page: https://www.manageengine.com/products/passwordmanagerpro/upgradepack.html
SupportCenter Plus version 8.1 - Build - 8115 released
Dear User(s) We released SupportCenter Plus version 8.1 - Build - 8115. Please refer the Migration path table available here and upgrade to our latest build 8115. Issues Fixed list is available here Note : As a best Practice, please do the upgrade only in your Test environment and based on the status, do the upgrade in the Production. Steps to do the Upgrade is available here You can contact our support at support@supportcenterplus.com for any assistance. Following is the support policy of SupportCenter
Free webinar: Leveraging user behavior analytics and machine learning algorithms in your PAM strategy
Hi all, Title: Leveraging user behavior analytics and machine learning algorithms in your PAM strategy Date: Thursday, September 3 Time: 10am GMT | 11am EDT | 2pm AEST Duration: 40 minutes Reserve your spot The growing number of security breaches and insider attacks involving privilege misuse calls for a more dynamic approach to how privileged access is managed and monitored in an enterprise. An effective privileged access management (PAM) program should deliver strict governance of administrative
Free webinar: Leveraging user behavior analytics and machine learning algorithms in your PAM strategy
Hi all, Title: Leveraging user behavior analytics and machine learning algorithms in your PAM strategy Date: Thursday, September 3 Time: 10am GMT | 11am EDT | 2pm AEST Duration: 40 minutes Reserve your spot The growing number of security breaches and insider attacks involving privilege misuse calls for a more dynamic approach to how privileged access is managed and monitored in an enterprise. An effective privileged access management (PAM) program should deliver strict governance of administrative
Chrome stable channel update fixes 20 security vulnerabilities
Hello everyone, Chrome 85 has been promoted to the stable channel 85.0.4183.83 for Windows, macOS, and Linux. This update comes with fixes for 20 security vulnerabilities, the details of which are given below: CVE ID Vulnerability details Severity CVE-2020-6558 Insufficient policy enforcement in iOS High CVE-2020-6559 Use after free in presentation API High CVE-2020-6560 Insufficient policy enforcement in autofill Medium CVE-2020-6561 Inappropriate implementation in Content
Chrome stable channel update fixes 20 security vulnerabilities
Hello everyone, Chrome 85 has been promoted to the stable channel 85.0.4183.83 for Windows, macOS, and Linux. This update comes with fixes for 20 security vulnerabilities, the details of which are given below: CVE ID Vulnerability details Severity CVE-2020-6558 Insufficient policy enforcement in iOS High CVE-2020-6559 Use after free in presentation API High CVE-2020-6560 Insufficient policy enforcement in autofill Medium CVE-2020-6561 Inappropriate implementation in Content
Chrome stable channel update fixes 20 security vulnerabilities
Hello everyone, Chrome 85 has been promoted to the stable channel 85.0.4183.83 for Windows, macOS, and Linux. This update comes with fixes for 20 security vulnerabilities, the details of which are given below: CVE ID Vulnerability details Severity CVE-2020-6558 Insufficient policy enforcement in iOS High CVE-2020-6559 Use after free in presentation API High CVE-2020-6560 Insufficient policy enforcement in autofill Medium CVE-2020-6561 Inappropriate implementation in
Security updates released for Firefox 80, ESR 68.12, and ESR 78.2
Hello everyone, Mozilla has released security updates for Firefox 80, Firefox ESR 68.12, and Firefox ESR 78.2. Most of the vulnerabilities fixed are of high severity. The details of the vulnerabilities fixed are as follows: CVE ID Vulnerability details Severity CVE-2020-15663 Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege High CVE-2020-15664 Attacker-induced prompt for extension installation High CVE-2020-12401 Timing-attack
Security updates released for Firefox 80, ESR 68.12, and ESR 78.2
Hello everyone, Mozilla has released security updates for Firefox 80, Firefox ESR 68.12, and Firefox ESR 78.2. Most of the vulnerabilities fixed are of high severity. The details of the vulnerabilities fixed are as follows: CVE ID Vulnerability details Severity CVE-2020-15663 Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege High CVE-2020-15664 Attacker-induced prompt for extension installation High CVE-2020-12401 Timing-attack
Security updates released for Firefox 80, ESR 68.12, and ESR 78.2
Hello everyone, Mozilla has released security updates for Firefox 80, Firefox ESR 68.12, and Firefox ESR 78.2. Most of the vulnerabilities fixed are of high severity. The details of the vulnerabilities fixed are as follows: CVE ID Vulnerability details Severity CVE-2020-15663 Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege High CVE-2020-15664 Attacker-induced prompt for extension installation High CVE-2020-12401 Timing-attack
[Tips & Tricks] Configuring SAML with Azure AD
This guide will help us configure SAML for those who want to use Azure AD as their IdP and also give you insights on a few issues that you might run into while configuring SAML in an Azure Environment. In an ideal environment, we will have an On Premises AD which will Sync users to their O365 Portal or Azure Portal. The sync is carried out with the help of a tool called Azure AD Connect, and the admins can download this tool either from the Azure Portal (https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/AzureADConnect)
[ForYourInformation -47] Password Policy Enhancement
You may all know about the Password Policy feature which was introduced with 11100 builds of ServiceDesk Plus. Now we have an additional function "Change Password Redirection" in the password policy feature which is available from the 11123 builds of ServiceDesk Plus. This function allows ServiceDesk Plus admins to enable a forced password reset policy, which redirects users, who log in for the first time, to the change password page. Admin Tab >> General Settings >> Security Settings >> Password
Announcing EOL for Flash player based Business views
Dear OpManager Users, Hope you are all aware of Adobe's EOL announcement for its flash player in 2017. Here is the official announcement from Adobe. https://www.adobe.com/in/products/flashplayer/end-of-life.html We were already aware of this and made sure new business views are created using HTML5 after 12.2 release. We also gave an option to our users to migrate the old business views created in Flash player to HTML5. But still some users are using the business views created in Flash player.
[Webinar] How you can deliver better business outcomes using Applications Manager - Analytics Plus integration!
For businesses to grow, just gathering performance data isn't enough. Leveraging predictive insights and operational intelligence will help optimize application performance and drive real improvements. Join us for a free webinar where we discuss how the powerful combination of an application monitoring tool (Applications Manager) and an advanced analytics solution (Analytics Plus) can help you proactively gauge
Next Page