"Out-of-band" fix rolled out for the leaked Eternal Darkness bug
Hello folks, Earlier in March 2020 Patch Tuesday, Microsoft has announced a security advisory on an unpatched vulnerability in the SMBv3 protocol (CVE-2020-0796) with a temporary workaround in place. Now a fix is available for this vulnerability as KB4551762, for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909. Microsoft strongly recommends that you install the updates for this vulnerability. In case you have applied the workaround published earlier and wish
[Free e-book] Resolve your help desk's biggest challenges with analytics
Help desks are constantly firefighting with little or no time to look into their own problems such as staffing or technician skill. This e-book outlines a few key help desk challenges and offers actionable solutions to tackle them.
Dell API update for Warranty fetch details
Dell has announced that the API to check for warranty details will be deprecated as on March 12, 2020. The new APIs for Dell has been released in build 10.0.479 and above. To continue to fetch warranty details in Desktop Central securely, follow the below given steps. 1. Log in to your Desktop Central console, click on your current build number on the top right corner. 2. You can find the latest build applicable to you. Download the PPM and update. Cheers, ManageEngine Team
March 2020 Patch Tuesday updates
Hello folks, Good day. Quick update on the March 2020 Patch Tuesday. New Security Bulletins : 2020-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB4541506) (ESU) 2020-03 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB4540688) (ESU) 2020-03 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4541510) 2020-03 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 for
March 2020 Patch Tuesday updates
Hello folks, Good day. Quick update on the March 2020 Patch Tuesday. New Security Bulletins : 2020-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB4541506) (ESU) 2020-03 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB4540688) (ESU) 2020-03 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4541510) 2020-03 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 for
March 2020 Patch Tuesday updates
Hello folks, Good day. Quick update on the March 2020 Patch Tuesday. New Security Bulletins : 2020-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB4541506) (ESU) 2020-03 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB4540688) (ESU) 2020-03 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4541510) 2020-03 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 for
Announcement on directory traversal vulnerability
Dear users, We had identified directory traversal vulnerability (also known as file path traversal) in ServiceDesk Plus which is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running the application. This vulnerability has been reported in the build 11100 and we have fixed it in the latest patch 11106. We request you all to upgrade the application to the latest build if you are on any build between 11100 and 11105. You can download the service
Critical vulnerabilities fixed in Mozilla Firefox 74 and Firefox ESR 68.6
March updates include two advisories from Mozilla, one for Firefox 74 and one for Firefox ESR 68.6, featuring 6 CVEs rated as high. Product Title CVE ID Severity Firefox 74 & Firefox ESR 68.6 Use-after-free when removing data about origins CVE-2020-6805 High Firefox 74 & Firefox ESR 68.6 BodyStream::OnInputStreamReady was missing protections against state confusion CVE-2020-6806 High Firefox 74 & Firefox ESR 68.6 Use-after-free in cubeb during stream destruction CVE-2020-6807 High Firefox 74
Critical vulnerabilities fixed in Mozilla Firefox 74 and Firefox ESR 68.6
March updates include two advisories from Mozilla, one for Firefox 74 and one for Firefox ESR 68.6, featuring 6 CVEs rated as high. Product Title CVE ID Severity Firefox 74 & Firefox ESR 68.6 Use-after-free when removing data about origins CVE-2020-6805 High Firefox 74 & Firefox ESR 68.6 BodyStream::OnInputStreamReady was missing protections against state confusion CVE-2020-6806 High Firefox 74 & Firefox ESR 68.6 Use-after-free in cubeb during stream destruction CVE-2020-6807 High Firefox 74
Critical vulnerabilities fixed in Mozilla Firefox 74 and Firefox ESR 68.6
March updates include two advisories from Mozilla, one for Firefox 74 and one for Firefox ESR 68.6, featuring 6 CVEs rated as high. Product Title CVE ID Severity Firefox 74 & Firefox ESR 68.6 Use-after-free when removing data about origins CVE-2020-6805 High Firefox 74 & Firefox ESR 68.6 BodyStream::OnInputStreamReady was missing protections against state confusion CVE-2020-6806 High Firefox 74 & Firefox ESR 68.6 Use-after-free in cubeb during stream destruction CVE-2020-6807 High Firefox 74
ITSM analytics case study: Happiest Minds Technologies automates IT reporting using Analytics Plus
Happiest Minds Technologies, Bengaluru, India, is a leading IT services company focused on delivering seamless customer experiences across industry sectors such as retail, e-commerce, banking, insurance, IT, engineering R&D, and manufacturing. The company wanted a fully automated analytics program to gain real-time insights from an array of IT applications in a single console. The challenge was that their IT data was scattered across several IT applications and tools. The team at Happiest Minds
March 2020 Patch Tuesday forecast
Look out for a more stable fix this Patch Tuesday for the botched Windows 10 updates 4524244 and 4502496 Microsoft pulled last month. With a huge number of CVEs fixed by Microsoft and a good deal of updates for Reader and Acrobat issued by Adobe last month, we hope March Patch Tuesday will spare us with a lighter set of updates. To save yourself the trouble of sorting them out, catch an early analysis on March Patch Tuesday updates and strategies on safe testing and stable rolling out of patches
March 2020 Patch Tuesday forecast
Look out for a more stable fix this Patch Tuesday for the botched Windows 10 updates 4524244 and 4502496 Microsoft pulled last month. With a huge number of CVEs fixed by Microsoft and a good deal of updates for Reader and Acrobat issued by Adobe last month, we hope March Patch Tuesday will spare us with a lighter set of updates. To save yourself the trouble of sorting them out, catch an early analysis on March Patch Tuesday updates and strategies on safe testing and stable rolling out of patches
March 2020 Patch Tuesday forecast
Look out for a more stable fix this Patch Tuesday for the botched Windows 10 updates 4524244 and 4502496 Microsoft pulled last month. With a huge numbers of CVEs fixed by Microsoft and a good deal of updates for Reader and Acrobat issued by Adobe last month, we hope March Patch Tuesday will spare us with a lighter set of updates. To save yourself the trouble of sorting them out, catch an early analysis on March Patch Tuesday updates and strategies on safe testing and stable rolling out of patches
Security Update - Ghostcat Vulnerability prevention for Desktop Central
A vulnerability with the name Ghostcat in Apache Tomcat (CVE 2020-1938), which is a third-party component used by Desktop Central was discovered by external security researchers of Chaitin Tech. This Ghostcat Vulnerability has been mitigated and has been released for ManageEngine Desktop Central. Follow the below given steps to prevent this vulnerability in Desktop Central Servers. Log in to your Desktop Central console, click on your current build number on the top right corner. You can find the
Unauthenticated remote code execution vulnerability fixed
Hello Everyone, The fix for Remote Code Execution vulnerability in Patch Manager Plus has been released in the build 100426 This hotfix is available at https://www.manageengine.com/patch-management/service-packs.html For more information, please visit here In case of queries or technical assistance contact support. Regards, Team ManageEngine
Unauthenticated Remote Code Execution Vulnerability has been fixed!
Hello everyone, Fix for the Remote Code Execution vulnerability in Device Control Plus has been released in the build 100356. This hotfix is available at https://www.manageengine.com/device-control/service-packs.html For more information, refer this link. In case of queries or for technical assistance please contact support. Best Regards, Team ManageEngine
Security Update | ManageEngine Application Control Plus
Hello Everyone, Fix for the Remote Code Execution vulnerability in Application Control Plus has been released in the build 100504. This hotfix is available at https://www.manageengine.com/application-control/service-packs.html For more information, please visit here. In case of queries or technical assistance contact support Regards, Team ManageEngine
Unauthenticated remote code execution vulnerability fixed
Hello Everyone, Fix for the Remote Code Execution vulnerability in Vulnerability Manager Plus has been released in the build 100346 This hotfix is available at https://www.manageengine.com/vulnerability-management/service-packs.html For more information, please visit here In case of queries or technical assistance contact support Regards, Team ManageEngine
Fix for Security Issue in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has fixed an arbitrary file upload vulnerability which would have otherwise allowed users with malicious intent to upload any file without validation using the log upload functionality. The security fix is available in build #92684 and above. You can download the latest build from here. For any queries or assistance, please reach to our support team at msp-mdm-support@manageengine.com. Follow #mdm-security for all security related updates in Mobile Device Manager Plus
Fix for Security Issue in Mobile Device Manager Plus
Mobile Device Manager Plus has fixed an arbitrary file upload vulnerability which would have otherwise allowed users with malicious intent to upload any file without validation using the log upload functionality. The security fix is available in build #92684 and above. You can download the latest build from here. For any queries or assistance, please reach to our support team at mdm-support@manageengine.com. Follow #mdm-security for all security related updates in Mobile Device Manager Plus
Security Update - ManageEngine Desktop Central (Remote Code Execution - Fixed)
Hello Everyone, The remote code execution vulnerability in Desktop Central (CVE-2020-10189) has been fixed in build 10.0.479. The new hotfix is available at https://www.manageengine.com/products/desktop-central/service-packs.html For more information about the vulnerability, please visit https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html Please contact support for any clarification or the assistance. Thank you.
Announcement on Ghostcat vulnerability (CVE-2020-1938)
Dear users, Ghostcat is a serious vulnerability in Apache Tomcat discovered by security researcher of Chaitin Tech. Due to a flaw in the Tomcat AJP protocol, an attacker can read or include any files in the webapp directories of Tomcat. For example, an attacker can read the webapp configuration files or source code. In addition, if the target web application has a file upload function, the attacker may execute malicious code on the target host by exploiting file inclusion through Ghostcat vulnerability.
[Community Digest] ServiceDesk Plus - February 2020
A lot happens in a month on PitStop around ServiceDesk Plus. And, it's quite likely for you to have missed out on something interesting. So, we decided to bring you all the action of the last month in a digest. Read on and stay updated on all that's making PitStop the most happening IT hub. User Education and Resources: User Education opened to help you use ServiceDesk Plus to its fullest potential, https://www.youtube.com/watch?reload=9&v=EHsZASYhyKU&feature=youtu.be Resources: https://pitstop.manageengine.com/portal/community/topic/one-hundred-ways-to-make-servicedesk-plus-work-for-you-20-2-2020
Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks
Hello guys, The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. The vulnerability The vulnerability CVE-2020-8597 exists due to an error in
Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks
Hello guys, The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. The vulnerability The vulnerability CVE-2020-8597 exists due to an error in
Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks
Hello guys, The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. The vulnerability The vulnerability CVE-2020-8597 exists due to an error in
Fix for Ghostcat Vulnerability (CVE 2020-1938) in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has released a security fix for the recently detected Ghostcat Vulnerability (CVE 2020-1938) which is a file read/inclusion vulnerability detected by Chaitin Tech. This vulnerability can be remotely exploited if the port 8009 is publicly exposed allowing users to read or include files in the webapp directories of Apache Tomcat. The security fix is released in build #92762 and you can download the latest build from here. Follow #security-updates for all security related
Fix for Ghostcat Vulnerability (CVE 2020-1938) in Mobile Device Manager Plus
Mobile Device Manager Plus has released a security fix for the recently detected Ghostcat Vulnerability (CVE 2020-1938) which is a file read/inclusion vulnerability detected by Chaitin Tech. This vulnerability can be remotely exploited if the port 8009 is publicly exposed allowing users to read or include files in the webapp directories of Apache Tomcat. The security fix is released in build #92762 and you can download the latest build from here. Follow #security-updates for all security related
Introducing the new File Shadow feature in Device Control Plus!
Hello everyone! We are pleased to announce the release of the file shadow feature in Device Control Plus. With this tool, mirror copies of the files that are exported or modified using USB devices can be created in real-time. Subsequently these shadow copies can then be safeguarded in password protected network shares. It is a useful capability that provisions admins to apply an added layer of protection for files transferred via USB devices. The settings can be configured directly from the console
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
RecoveryManager Plus rolls out Build 6010
We are glad to release the latest version of RecoveryManager Plus build 6010 which adds a couple of new features and enhancements. New features: Download sites data: You can now bulk download all data from your SharePoint Online and OneDrive for Business sites backups and store them securely within your premises. Group mailbox backup: You can now backup and restore group mailboxes in your Exchange Online. Enhancements: Option to subscribe to just the PST export of Exchange (Online and on-premises)
Steps to secure MSSQL database connection
Hello folks, This post explains you the steps that need to be followed to secure the database connection in ServiceDesk Plus. How to connect secure MS SQL Server? Summary of Steps: 1. Create SSL certificate 2. Import the SSL certificate to SDP setup. 3. Enable SSL Encryption in SQL Server Step 1 & 2: To start this process, we need to create an "SSL Certificate" it could be either self-signed or third party certificate. Do follow the below steps in MS
Google Chrome critical updates
Hello folks, On February 24, Google released a new stable channel update 80.0.3987.122, for Windows, Mac, and Linux. This was done to address several vulnerabilities in Google chrome. There were 3 security updates released out of which CVE-2020-6418 is rumored to be exploited in the wild. Google further affirms this saying that they were aware this exploit existed in the wild and could have been exploited as a zero-day. List of the security updates released: CVE-2020-6407: Out of bounds memory
Google Chrome critical updates
Hello folks, On February 24, Google released a new stable channel update 80.0.3987.122, for Windows, Mac, and Linux. This was done to address several vulnerabilities in Google chrome. There were 3 security updates released out of which CVE-2020-6418 is rumored to be exploited in the wild. Google further affirms this saying that they were aware this exploit existed in the wild and could have been exploited as a zero-day. List of the security updates released: CVE-2020-6407: Out of bounds memory
Google Chrome critical updates
Hello folks, On February 24, Google released a new stable channel update 80.0.3987.122, for Windows, Mac, and Linux. This was done to address several vulnerabilities in Google chrome. There were 3 security updates released out of which CVE-2020-6418 is rumored to be exploited in the wild. Google further affirms this saying that they were aware this exploit existed in the wild and could have been exploited as a zero-day. List of the security updates released: CVE-2020-6407: Out of bounds memory
One hundred ways to make ServiceDesk Plus work for you!
We found 100 ways to make ServiceDesk Plus work for you. We've created a best practices guide that contains an exhaustive collection of How-tos, Tip and Tricks, and Knowledge Base articles on ServiceDesk Plus. Read on...to discover ways to make ServiceDesk Plus work for you and your team. And, do tell us what we can do to make the experience better for you. Tips & Tricks High time to snub manual translations ServiceDesk Plus built-in scribble pad Auto-approving a change First Call Resolution (FCR)
Next Page