Chrome releases security updates to fix critical vulnerabilities
Hello everyone, Chrome has updated its stable channel to 83.0.4103.97 for Windows, Mac, and Linux. This update comes with security fixes for several vulnerabilities. The details of the vulnerabilities are as follows (CVE ID, vulnerability, severity): CVE-2020-6493, Use after free in WebAuthentication, High; CVE-2020-6494, Incorrect security UI in payments, High; CVE-2020-6495, Insufficient policy enforcement in developer tools, High; CVE-2020-6496, Use after free in payments, High. To patch these vulnerabilities
Withdrawing Servlet APIs for Asset Management
Dear users, This announcement is to inform you that we will be withdrawing the support for Servlet API operations for Asset Management from one of the upcoming service packs. You can now use CMDB APIs, which are more advanced, to perform operations like adding, updating and deleting assets. You can try our CMDB APIs from Admin > General > API > Documentation > CMDB. The support for Servlet APIs is expected to be withdrawn from the build 11119 for ServiceDesk Plus and 6713 for Asset Explorer. In case
Mozilla releases security fixes for Firefox 77
Hello everyone, Mozilla has released security fixes for vulnerabilities in Firefox 77. The details of the vulnerabilities fixed are as follows (CVE ID, vulnerability, severity): CVE-2020-12399, Timing attack on DSA signatures in NSS library, High; CVE-2020-12405, Use-after-free in SharedWorkerService, High; CVE-2020-12406, JavaScript type confusion with NativeTypes, High; CVE-2020-12407, WebRender leaking GPU memory when using border-image CSS directive, Moderate; CVE-2020-12408, URL spoofing when using IP
[Community Digest] ServiceDesk Plus - May 2020
Here is the monthly rewind for May 2020! Version and Build releases: We had 3 build releases 11113 (Released on 05 May 2020) 11114 (Released on 08 May 2020) 11115 (Released on 19 May 2020) check this link for more details Product highlights: Behaviour Changes : Custom Settings button in scheduled reports will be displayed only for users with SDAdmin access. Going forward Purchase Request / License Agreement additional fields can only be added from the Admin tab and not from the Purchase
Rollout of Windows 10 2004 Feature updates
Hello All, A quick heads-up: Microsoft has released its Windows 10 2004 feature updates for users. Below you can find a few highlights of this feature update. Fast identity authentication through Windows Hello is now supported across all major browsers. Windows Defender System Guard enables a higher level of firmware protection. Setup Diag is automatically installed. Improvements in Windows PowerShell cmdlets. Go ahead and read this document to know what the pre-requisites are and how
Introducing support for Driver and BIOS updates in Patch Manager Plus
Hello everyone, We are delighted to announce that you can now update Drivers and BIOS using Patch Manager Plus. With this addition, Patch Manager Plus goes one step further to fulfilling all the patching requirements present in a business environment. You can avail these updates from Patch Manager Plus build version 10.0.545. Driver and BIOS updates are also supported on Patch Manager Plus Cloud. For a complete list of the supported Driver and BIOS updates, refer to this document. Cheers, ManageEngine
Critical issue while deploying Cisco Webex patch
Hello everyone, The Cisco Webex patch with Patch ID 313977 was released on Apr-28-2020 at 04:40 pm GMT. Regrettably, on installing this patch in certain machines, a few of our customers got in touch with us stating a few issues. Following this, the patch was removed from the Desktop Central repository on the morning of Apr-29-2020, for further analysis of the situation. Issue when deploying Cisco Webex patch: Customers who have synced the database and deployed the Cisco Webex patch in the following
ADAudit Plus Build 6052 released.
Build 6052 (May 2020) This release includes fixes for the unauthenticated change to integration system configuration vulnerability (CVE-2020-24786) reported by Florian Hauser.
Chrome 83.0.4103.61 fixes 38 security flaws
Hello everyone, The latest stable version of the web browser 'Google Chrome', version 83.0.4103.61, aka Chrome 83, is released for Windows, Mac and Linux. This update contains 38 security fixes and packs a number of new features including enhanced privacy controls, new settings for managing cookie files, a new Safety Check option, support for tab groups, new graphics for web form elements, a new API for detecting barcodes, and a new anti-XSS security feature. Here's a quick glance at the list
[Critical] ManageEngine EventLog Analyzer - Security advisory regarding unauthenticated product integration vulnerability.
Dear Patrons, We would like to inform you that the latest version of EventLog Analyzer, build 12136, fixes a critical security issue. Please go ahead and read about the issue and how to fix this issue in your deployment. What is the issue? EventLog Analyzer had a vulnerable endpoint (CVE-2020-24786) that allowed users to integrate their installation with other ManageEngine product installations, bypassing authentication. This could potentially lead to a data leak. Who are all affected? All users
[DidYouKnow-38] Unable to start ServiceDesk Plus as service
Some of us would have come across a situation, where ServiceDesk Plus works only through CMD prompt by executing the RUN.bat (batch file) and fails to start as service. This situation most likely occurs after application restores or migrating the application to another drive on the same server. The reason behind this issue is, the ServiceDesk Plus service is already registered with an old installation, the server will not allow the same service to get registered again on the same name. We can fix
How to identify and mitigate the unauthenticated product integration vulnerability.
Some versions of ADAudit Plus have the unauthenticated change to integration system vulnerability. This article explains how you can identify if your ADAudit Plus installation is affected, and fix it. It also offers the mitigation steps to protect your installation in case it is not affected. What is the issue? ADAudit Plus had a vulnerable endpoint which allowed a user to integrate ADAudit Plus with any other supported ManageEngine product, bypassing authentication. This could lead to a data
Exchange Reporter Plus build 5510 released with enhancements and issue fixes
Hello Everyone! We have released a new build of Exchange Reporter Plus, 5510. This release features security enhancements and bug fixes. Enhancement: Users can now use LDAPS to secure all communications between Exchange Reporter Plus and Active Directory. Public Folder Replicas report generation speed has been enhanced. Issue Fixes: The CVE-2020-24786 vulnerability, which allowed unauthenticated changes to the integration system's configuration, as reported by Florian Hauser, has been fixed. Issue
[Tips & Tricks] Guide to manage your asset license and Inventory tracking
Tracking IT or Non-IT assets becomes a task for the IT admin. We end up switching tabs and applications in and out to go through our existing inventory. Being an IT Admin with ServiceDesk Plus have you ever wondered what's eating up the license? Follow this trick to save up some license counts. Steps : Visit the Dashboard and click on the "Asset" tab. Click on "View all" for an asset summary. Once on the summary page, asset count will be highlighted, also Non-IT assets with ServiceDesk Plus has no
PAM360 - Security Hotfix Release - 4501
Hi, PAM360 4501 has been released and is now available for download. This release comes with an important and most awaited security fix. Please see our Release Notes to learn in detail about the same. How to Upgrade to Build 4501? If you are an existing customer of PAM360, download the upgrade pack from the following page: https://www.manageengine.com/privileged-access-management/upgradepack.html IMPORTANT NOTE: Please save a copy of the entire PAM360 installation folder in a local folder. This
Password Manager Pro - Security Hotfix Release - 10406
Hi, Password Manager Pro 10406 has been released and is now available for download. This release comes with an important and most awaited security fix. For more details, please see our Release Notes. How to Upgrade to Build 10406? If you are an existing customer of Password Manager Pro, download the upgrade pack from the following page https://www.manageengine.com/products/passwordmanagerpro/upgradepack.html IMPORTANT NOTE: Please save a copy of the entire Password Manager Pro installation folder
How to fix the unauthenticated product integration vulnerability
Hello Everyone, We wanted to let you know that a security vulnerability was detected in AD360 and we have fixed it. This article explains how you can fix this issue. What is the issue? AD360 had a vulnerable endpoint which allowed a user to integrate AD360 with any other supported ManageEngine product, bypassing authentication. This could lead to data leak. Which version of AD360 is affected? All AD360 builds below 4228 are affected. What is the severity level of the vulnerability? This is a critical
How to identify and mitigate the unauthenticated product integration vulnerability?
Some versions of RecoveryManager Plus have the unauthenticated change to integration system vulnerability (CVE-2020-24786) as reported by Florian Hauser. This article explains how you can identify if your RecoveryManager Plus installation is affected, and fix it. What is the issue? RecoveryManager Plus had a vulnerable endpoint which allowed a user to integrate RecoveryManager Plus with any other supported ManageEngine product, bypassing authentication. This could lead to data leak. Which version
Adobe releases patches for vulnerabilities in Reader and Acrobat
Hello everyone, In this month's security release, Adobe has fixed security vulnerabilities in Reader and Acrobat for Windows and macOS. If these vulnerabilities are exploited, they could cause remote code execution attacks and information leaks. The details of the vulnerabilities are as follows (CVE-ID, severity, impact): CVE-2020-9610, Important, Application denial-of-service; CVE-2020-9612, Critical, Arbitrary Code Execution; CVE-2020-9615, Critical, Security feature bypass; CVE-2020-9597 CVE-2020-9594
May 2020 Patch Tuesday updates
Hello Everyone, Below is a breakdown of all the updates released this Patch Tuesday. New Security Bulletins : 2020-05 Security Only Quality Update for Windows Server 2008 (KB4556854) (ESU) 2020-05 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4556843) (ESU) 2020-05 Security Only Quality Update for Windows Server 2012 (KB4556852) 2020-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4556853) 2020-05 Security Monthly Quality Rollup for Windows Server
Mobile Device Manager Plus- Free Training
Join us on 26th May, 2nd and 9th June 2020 at 6:30 GMT or 11:30 EDT for a free training session on ManageEngine's enterprise mobility management solution - Mobile Device Manager Plus! Following topics will be covered on May 26: Device Onboarding and Provisioning: Enrollment methods to manage BYOD and corporate devices Applying corporate configurations like VPN, e-mail and Wi-Fi to devices Containerizing corporate data on personally-owned devices Monitoring devices accessing organization's corporate
Listen to our two-part expert podcast series featuring the Monopoly Man.
Hello, We are pleased to announce the launch of our first-ever expert tech talk podcast series featuring renowned privacy expert, Ian Madrigal. Ian, popularly known as the Monopoly Man, and Sid, our IT security expert, together have shared detailed insights on data privacy, compliance mandates, data breaches in the episodes. Tune in now In this
[Announcement] Launching advanced analytics for Jira Software
Hey there, We're so excited to announce the release of Analytics Plus version 4460. In this release, we are introducing out-of-the-box integration with Jira Software Cloud and Jira Software Server. For everyone who's interested in knowing more about this integration, we're having an on-demand webinar, titled, Streamline project management with advanced analytics for Jira Software. During the session, you can learn how to, Generate over 100 reports and dashboards based on your historic Jira Software
Microsoft Windows Elevation Of Privilege Vulnerability
Dear users, As you may all already be aware, an elevation of privilege vulnerability exists in Microsoft Windows that could allow a man-in-the-middle attacker to successfully forward an authentication request to a Windows LDAP server, such as a system running AD DS or AD LDS, which has not been configured to require signing or sealing on incoming connections. More information can be found in the article below. https://support.microsoft.com/en-ae/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows
OpUtils - Security advisory regarding CVE-2020-11946
This is an announcement regarding a security advisory addressing an unauthenticated servlet call vulnerability fixed in the latest version of OpUtils v12.4.196. PLEASE READ THROUGH THIS POST COMPLETELY to check whether your installation has been affected or not, and if affected, learn how you can resolve it. Issue and description: Unauthenticated API key disclosure - There was an unauthenticated access method to obtain the API key that was discovered in the product. This could be exploited by
Firewall Analyzer - Security advisory regarding CVE-2020-11946
This is an announcement regarding a security advisory addressing an unauthenticated servlet call vulnerability fixed in the latest version of Firewall Analyzer v12.4.196. PLEASE READ THROUGH THIS POST COMPLETELY to check whether your installation has been affected or not, and if affected, learn how you can resolve it. Issue and description: Unauthenticated API key disclosure - There was an unauthenticated access method to obtain the API key that was discovered in the product. This could be exploited
NetFlow Analyzer - Security advisory regarding CVE-2020-11946
This is an announcement regarding a security advisory addressing an unauthenticated servlet call vulnerability fixed in the latest version of NetFlow Analyzer v12.4.196. PLEASE READ THROUGH THIS POST COMPLETELY to check whether your installation has been affected or not, and if affected, learn how you can resolve it. Issue and description: Unauthenticated API key disclosure - There was an unauthenticated access method to obtain the API key that was discovered in the product. This could be exploited
Network Configuration Manager- Security advisory regarding CVE-2020-11946
This is an announcement regarding a security advisory addressing an unauthenticated servlet call vulnerability fixed in the latest version of Network Configuration Manager v12.4.196. PLEASE READ THROUGH THIS POST COMPLETELY to check whether your installation has been affected or not, and if affected, learn how you can resolve it. Issue and description: Unauthenticated API key disclosure - There was an unauthenticated access method to obtain the API key that was discovered in the product. This