March 2020 Patch Tuesday forecast
Look out for a more stable fix this Patch Tuesday for the botched Windows 10 updates 4524244 and 4502496 Microsoft pulled last month. With a huge numbers of CVEs fixed by Microsoft and a good deal of updates for Reader and Acrobat issued by Adobe last month, we hope March Patch Tuesday will spare us with a lighter set of updates. To save yourself the trouble of sorting them out, catch an early analysis on March Patch Tuesday updates and strategies on safe testing and stable rolling out of patches
Security Update - Ghostcat Vulnerability prevention for Desktop Central
A vulnerability with the name Ghostcat in Apache Tomcat (CVE 2020-1938), which is a third-party component used by Desktop Central was discovered by external security researchers of Chaitin Tech. This Ghostcat Vulnerability has been mitigated and has been released for ManageEngine Desktop Central. Follow the below given steps to prevent this vulnerability in Desktop Central Servers. Log in to your Desktop Central console, click on your current build number on the top right corner. You can find the
Unauthenticated remote code execution vulnerability fixed
Hello Everyone, The fix for Remote Code Execution vulnerability in Patch Manager Plus has been released in the build 100426 This hotfix is available at https://www.manageengine.com/patch-management/service-packs.html For more information, please visit here In case of queries or technical assistance contact support. Regards, Team ManageEngine
Unauthenticated Remote Code Execution Vulnerability has been fixed!
Hello everyone, Fix for the Remote Code Execution vulnerability in Device Control Plus has been released in the build 100356. This hotfix is available at https://www.manageengine.com/device-control/service-packs.html For more information, refer this link. In case of queries or for technical assistance please contact support. Best Regards, Team ManageEngine
Security Update | ManageEngine Application Control Plus
Hello Everyone, Fix for the Remote Code Execution vulnerability in Application Control Plus has been released in the build 100504. This hotfix is available at https://www.manageengine.com/application-control/service-packs.html For more information, please visit here. In case of queries or technical assistance contact support Regards, Team ManageEngine
Unauthenticated remote code execution vulnerability fixed
Hello Everyone, Fix for the Remote Code Execution vulnerability in Vulnerability Manager Plus has been released in the build 100346 This hotfix is available at https://www.manageengine.com/vulnerability-management/service-packs.html For more information, please visit here In case of queries or technical assistance contact support Regards, Team ManageEngine
Fix for Security Issue in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has fixed an arbitrary file upload vulnerability which would have otherwise allowed users with malicious intent to upload any file without validation using the log upload functionality. The security fix is available in build #92684 and above. You can download the latest build from here. For any queries or assistance, please reach to our support team at msp-mdm-support@manageengine.com. Follow #mdm-security for all security related updates in Mobile Device Manager Plus
Fix for Security Issue in Mobile Device Manager Plus
Mobile Device Manager Plus has fixed an arbitrary file upload vulnerability which would have otherwise allowed users with malicious intent to upload any file without validation using the log upload functionality. The security fix is available in build #92684 and above. You can download the latest build from here. For any queries or assistance, please reach to our support team at mdm-support@manageengine.com. Follow #mdm-security for all security related updates in Mobile Device Manager Plus
Security Update - ManageEngine Desktop Central (Remote Code Execution - Fixed)
Hello Everyone, The remote code execution vulnerability in Desktop Central (CVE-2020-10189) has been fixed in build 10.0.479. The new hotfix is available at https://www.manageengine.com/products/desktop-central/service-packs.html For more information about the vulnerability, please visit https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html Please contact support for any clarification or the assistance. Thank you.
Announcement on Ghostcat vulnerability (CVE-2020-1938)
Dear users, Ghostcat is a serious vulnerability in Apache Tomcat discovered by security researcher of Chaitin Tech. Due to a flaw in the Tomcat AJP protocol, an attacker can read or include any files in the webapp directories of Tomcat. For example, an attacker can read the webapp configuration files or source code. In addition, if the target web application has a file upload function, the attacker may execute malicious code on the target host by exploiting file inclusion through Ghostcat vulnerability.
[Community Digest] ServiceDesk Plus - February 2020
A lot happens in a month on PitStop around ServiceDesk Plus. And, it's quite likely for you to have missed out on something interesting. So, we decided to bring you all the action of the last month in a digest. Read on and stay updated on all that's making PitStop the most happening IT hub. User Education and Resources: User Education opened to help you use ServiceDesk Plus to its fullest potential, https://www.youtube.com/watch?reload=9&v=EHsZASYhyKU&feature=youtu.be Resources: https://pitstop.manageengine.com/portal/community/topic/one-hundred-ways-to-make-servicedesk-plus-work-for-you-20-2-2020
Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks
Hello guys, The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. The vulnerability The vulnerability CVE-2020-8597 exists due to an error in
Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks
Hello guys, The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. The vulnerability The vulnerability CVE-2020-8597 exists due to an error in
Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks
Hello guys, The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. The vulnerability The vulnerability CVE-2020-8597 exists due to an error in
Fix for Ghostcat Vulnerability (CVE 2020-1938) in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has released a security fix for the recently detected Ghostcat Vulnerability (CVE 2020-1938) which is a file read/inclusion vulnerability detected by Chaitin Tech. This vulnerability can be remotely exploited if the port 8009 is publicly exposed allowing users to read or include files in the webapp directories of Apache Tomcat. The security fix is released in build #92762 and you can download the latest build from here. Follow #security-updates for all security related
Fix for Ghostcat Vulnerability (CVE 2020-1938) in Mobile Device Manager Plus
Mobile Device Manager Plus has released a security fix for the recently detected Ghostcat Vulnerability (CVE 2020-1938) which is a file read/inclusion vulnerability detected by Chaitin Tech. This vulnerability can be remotely exploited if the port 8009 is publicly exposed allowing users to read or include files in the webapp directories of Apache Tomcat. The security fix is released in build #92762 and you can download the latest build from here. Follow #security-updates for all security related
Introducing the new File Shadow feature in Device Control Plus!
Hello everyone! We are pleased to announce the release of the file shadow feature in Device Control Plus. With this tool, mirror copies of the files that are exported or modified using USB devices can be created in real-time. Subsequently these shadow copies can then be safeguarded in password protected network shares. It is a useful capability that provisions admins to apply an added layer of protection for files transferred via USB devices. The settings can be configured directly from the console
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
RecoveryManager Plus rolls out Build 6010
We are glad to release the latest version of RecoveryManager Plus build 6010 which adds a couple of new features and enhancements. New features: Download sites data: You can now bulk download all data from your SharePoint Online and OneDrive for Business sites backups and store them securely within your premises. Group mailbox backup: You can now backup and restore group mailboxes in your Exchange Online. Enhancements: Option to subscribe to just the PST export of Exchange (Online and on-premises)
Steps to secure MSSQL database connection
Hello folks, This post explains you the steps that need to be followed to secure the database connection in ServiceDesk Plus. How to connect secure MS SQL Server? Summary of Steps: 1. Create SSL certificate 2. Import the SSL certificate to SDP setup. 3. Enable SSL Encryption in SQL Server Step 1 & 2: To start this process, we need to create an "SSL Certificate" it could be either self-signed or third party certificate. Do follow the below steps in MS
Google Chrome critical updates
Hello folks, On February 24, Google released a new stable channel update 80.0.3987.122, for Windows, Mac, and Linux. This was done to address several vulnerabilities in Google chrome. There were 3 security updates released out of which CVE-2020-6418 is rumored to be exploited in the wild. Google further affirms this saying that they were aware this exploit existed in the wild and could have been exploited as a zero-day. List of the security updates released: CVE-2020-6407: Out of bounds memory
Google Chrome critical updates
Hello folks, On February 24, Google released a new stable channel update 80.0.3987.122, for Windows, Mac, and Linux. This was done to address several vulnerabilities in Google chrome. There were 3 security updates released out of which CVE-2020-6418 is rumored to be exploited in the wild. Google further affirms this saying that they were aware this exploit existed in the wild and could have been exploited as a zero-day. List of the security updates released: CVE-2020-6407: Out of bounds memory
Google Chrome critical updates
Hello folks, On February 24, Google released a new stable channel update 80.0.3987.122, for Windows, Mac, and Linux. This was done to address several vulnerabilities in Google chrome. There were 3 security updates released out of which CVE-2020-6418 is rumored to be exploited in the wild. Google further affirms this saying that they were aware this exploit existed in the wild and could have been exploited as a zero-day. List of the security updates released: CVE-2020-6407: Out of bounds memory
One hundred ways to make ServiceDesk Plus work for you!
We found 100 ways to make ServiceDesk Plus work for you. We've created a best practices guide that contains an exhaustive collection of How-tos, Tip and Tricks, and Knowledge Base articles on ServiceDesk Plus. Read on...to discover ways to make ServiceDesk Plus work for you and your team. And, do tell us what we can do to make the experience better for you. Tips & Tricks High time to snub manual translations ServiceDesk Plus built-in scribble pad Auto-approving a change First Call Resolution (FCR)
Collection of KB's(Tips&Tricks, Blogs, ForYourInformation and Did You Know)
Tips & Tricks: Simple way to search requests submitted by a specific requester ServiceDesk Plus built-in scribble pad can save you time everyday Auto-approving a change Minimize the number of clicks in ServiceDesk Plus HelpDesk Admin A usher to requesters Event & Task Reminders from ServiceDesk Link and Merge Requests Sending out custom notifications made easy Encrypt documents generated from ServiceDesk Plus High time to snub manual translations Viewing/Searching request activities is no longer
Problematic updates found in February Patch Tuesday release
Hello everyone, Three standalone security updates released as part of the February Patch Tuesday cycle were found to be problematic. Known issues in KB4524244: The security update KB4524244 released for all versions of Windows 10 addresses an issue in which a third-party Unified Extensible Firmware Interface (UEFI) boot manager might expose UEFI-enabled computers to a security vulnerability. Microsoft has confirmed at least two known issues in the KB4524244: Using the “Reset this PC” feature,
Problematic updates found in February Patch Tuesday release
Hello everyone, Three standalone security updates released as part of the February Patch Tuesday cycle were found to be problematic. Known issues in KB4524244: The security update KB4524244 released for all versions of Windows 10 addresses an issue in which a third-party Unified Extensible Firmware Interface (UEFI) boot manager might expose UEFI-enabled computers to a security vulnerability. Microsoft has confirmed at least two known issues in the KB4524244: Using the “Reset this PC” feature,
Problematic updates found in February Patch Tuesday release
Hello everyone, Three standalone security updates released as part of the February Patch Tuesday cycle were found to be problematic. Known issues in KB4524244: The security update KB4524244 released for all versions of Windows 10 addresses an issue in which a third-party Unified Extensible Firmware Interface (UEFI) boot manager might expose UEFI-enabled computers to a security vulnerability. Microsoft has confirmed at least two known issues in the KB4524244: Using the “Reset this PC” feature,
[Tips & Tricks] Few chat enhancement released with build 11006
The following are the Chat feature enhancements available from build 11006. You can now add hyperlinks to a chat We have added the function to include or exclude chat for sites, groups, and technicians in [Admin -> Chat settings] Requesters can now close an unpicked chat which will be marked as a missed chat. After the technician accepts the chat request, the attachment icon becomes available for the request. In case the technician does not pick up the request within the stipulated time, it becomes
Next Release : Problem Life Cycle Management & Problem Templates
Dear Users, The next major release of ServiceDesk Plus Cloud will include "Problem Life Cycle Management & Problem Templates". Below is the brief summary of enhancements : Problem Life Cycle Problem life cycle allows admins to design a problem resolution process with built-in guidance for help desk technicians. Through a simple drag and drop process, the SDAdmin can create a visual process builder and define the resolution process. You can create, discuss, and rework the process drafts before publishing
Firefox 73 released with fixes for high-severity security vulnerabilities
Hello everyone, Mozilla has released Firefox 73 to the stable desktop channel for Windows, macOS, and Linux operating systems with several new features and security fixes for some high-severity vulnerabilities. What's new in Firefox 73? Following are the new features included in the latest release of Mozilla Firefox. Global default zoom setting High contrast theme improvements Improved audio quality New DoH provider - Next DNS and more Security vulnerabilities fixed Here's the list
Firefox 73 released with fixes for high-severity security vulnerabilities
Hello everyone, Mozilla has released Firefox 73 to the stable desktop channel for Windows, macOS, and Linux operating systems with several new features and security fixes for some high-severity vulnerabilities. What's new in Firefox 73? Following are the new features included in the latest release of Mozilla Firefox. Global default zoom setting High contrast theme improvements Improved audio quality New DoH provider - Next DNS and more Security vulnerabilities fixed Here's the list
Firefox 73 released with fixes for high-severity security vulnerabilities
Hello everyone, Mozilla has released Firefox 73 to the stable desktop channel for Windows, macOS, and Linux operating systems with several new features and security fixes for some high-severity vulnerabilities. What's new in Firefox 73? Following are the new features included in the latest release of Mozilla Firefox. Global default zoom setting High contrast theme improvements Improved audio quality New DoH provider - Next DNS and more Security vulnerabilities fixed Here's the list
Mobile Device Manager Plus- Free Training
Join us on 3rd, 10th and 17th March 2020 at 6:30 GMT or 11:30 EST for a free training session on ManageEngine's enterprise mobility management solution - Mobile Device Manager Plus! Following topics will be covered on March 03: Device Onboarding and Provisioning: Enrollment methods to manage BYOD and corporate devices Applying corporate configurations like VPN, e-mail and Wi-Fi to devices Containerizing corporate data on personally-owned devices Monitoring devices accessing organization's corporate
Patch Tuesday Updates for February 2020!
Hello everyone, Given below are all the updates released on this month's Patch Tuesday! New Security Bulletins : 2020-02 Servicing Stack Update for Windows 10 Version 1903 and Windows Server, version 1903 (KB4538674) 2020-02 Servicing Stack Update for Windows 10 Version 1909 and Windows Server, version 1909 (KB4538674) 2020-02 Servicing Stack Update for Windows 7 and Windows Server 2008 R2 (KB4537829) (ESU) 2020-02 Servicing Stack Update for Windows Server 2008 (KB4537830) (ESU) 2020-02 Cumulative
Patch Tuesday Updates for February 2020
Hello everyone! Given below all the updates released for this month's Patch Tuesday. New Security Bulletins : 2020-02 Servicing Stack Update for Windows 10 Version 1903 and Windows Server, version 1903 (KB4538674) 2020-02 Servicing Stack Update for Windows 10 Version 1909 and Windows Server, version 1909 (KB4538674) 2020-02 Servicing Stack Update for Windows 7 and Windows Server 2008 R2 (KB4537829) (ESU) 2020-02 Servicing Stack Update for Windows Server 2008 (KB4537830) (ESU) 2020-02 Cumulative Update
[DidYouKnow-24] Add images and description to service template resources
With build 11100, we released an enhancement to add images to all available resources in the Service Template. Service catalog shopping model that provides an appealing visual experience to the users. This enhancement enables administrators to add multiple images and a description to the resources in the service template. Here are a few screenshots that provide better insights, From the self-service portal, users can go through the images and descriptions
Next Page