Receive the latest updates of Drivers and BIOS
Hi! There is a new Feature in Desktop Central: Get the latest driver and BIOS updates. This Feature would be nice too in Patch Manager Plus! Regards, Holger
Microsoft Patch Tuesday Updates - October 2019
Howdy folks A quick run-down on the patch tuesday updates for October 2019 New Security Bulletins : 2019-10 Security Only Quality Update for Windows Server 2008 (KB4520009) 2019-10 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4520003) 2019-10 Security Only Quality Update for Windows Server 2012 (KB4519985) 2019-10 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4519990) 2019-10 Cumulative Update for Windows 10 Version 1903 and Windows Server
Patches for 8 high-severity vulnerabilities in Foxit Reader released
Hey folks, Eight highly critical vulnerabilities have been discovered in Foxit Reader and Foxit has come out with the patches to fix these vulnerabilities. The most severe of these vulnerabilities has a CVSS score of 8.8 and could result in arbitrary code execution and denial of service, when used in older versions of Foxit Reader (version 9.4.1.16828). The other seven vulnerabilities have a CVSS score of 7.8 and could allow a remote attacker to gain access to the system. These specifically target
Microsoft releases out-of-band security update to fix IE zero-day & Defender bug
1. IE zero day The IE zero day is a very critical vulnerability which can be exploited via Remote Code Execution (RCE). Remote code execution is an attack that can be performed by executing malicious codes from remote location. The IE zero day is tracked with CVE-2019-1367identifier. 2. Microsoft Defender DoS bug Microsoft also released security patches to fix a DoS bug associated with Microsoft Defender. The good news is, to exploit the bug, the attacker first needs to gain access to the victim's
Patch Tuesday September 2019 updates from ManageEngine
Good day. Quick update on the September 2019 Patch Tuesday. New Security Bulletins : 2019-09 Security Update for Adobe Flash Player for Windows (KB4516115) 2019-09 Security Only Quality Update for Windows Server 2008 (KB4516051) 2019-09 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4516033) 2019-09 Security Only Quality Update for Windows Server 2012 (KB4516062) 2019-09 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4516064) 2019-09 Cumulative
user privilege to scan patches and install agent
Dear support, Please send me require user privilege for Linux , SUSE, UBUNTU, ..etc to scan patch servers and install agent , we don’t recommend using root password Thanks, Hani Nasif ManageEngine Golden Partner, KSA
Query for Custom Groups
Hi all, Hoping someone can point me in the right direction. Database is postgresql. I am trying to list all managed computers under a dynamic custom group. Select * from resource - will return the resourceID, name, domain_netbios_name etc I see my custom groups have a resourceID assigned and all groups returned are resource_type 101 Select * from CustomGroupMemberRel returns back member_resource_id and group_resource_id, but neither of those fields contain the dynamic group ID's. My APD tasks have
Reinforce data protection with our all new Data leakage prevention solution: "Device Control Plus".
We are absolutely glad to inform you that we have introduced a brand-new Data leakage prevention solution for removable devices - Device Control Plus Reinforce data protection with our all new Data leakage prevention solution: Device Control Plus. Control, block and monitor all USB and peripheral devices effortlessly. Eliminate data loss due to unauthorized data transfers. Implement file access control to prevent unprivileged access. Get your work done quickly by granting temporary access to
Vulnerability manager Plus (Patch Management) - Disable Automatic Updates
I'm looking to push the "Disable Office 365 Automatic updates" to a group of PC's as several 3rd party applications the PC's run are sometimes broken by the application of the monthly updates provided by Microsoft. If the end user (and the PC) transitions to a different department/responsibility, how is it possible to restore the automatic monthly patching of MS Office since the registry has been "tattoo'ed" with specific entries? Thank you.
Patch Management - Disable Automatic Updates - Office 365
I'm looking to deploy the "Disable Office 365 Updates" and the changes are made to the registry of the target PC's. If the PC is removed from the grouping and I want the Office 365 updates to begin automatically applying directly from Microsoft, what is the process to make this happen. Thank you.
Superseded Patch Removal
Good morning! I am having a problem where superseded patches are showing up I am running PM+, Build Version:10.0.347, and have patches listed under my Missing Patches section that are considered superseded and hence are disabled and greyed out. Due to this, I am unable to select it to Decline Patch and remove it from my list. Can you please advise how to remove superseded patches so they're not considered missing?
Patch Tuesday August 2019 updates from ManageEngine
Good day. Quick update on the August 2019 Patch Tuesday. New Security Bulletins : 2019-08 Security Only Quality Update for Windows Server 2008 (KB4512491) 2019-08 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4512486) 2019-08 Security Only Quality Update for Windows Server 2012 (KB4512482) 2019-08 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4512489) 2019-08 Cumulative Update for Windows 10 Version 1809 and Windows Server 2019 (KB4511553) 2019-08
July 2019 Patch Tuesday updates
New Security Bulletins : 2019-07 Security Only Quality Update for Windows Server 2008 (KB4507461) (CVE-2019-1132) 2019-07 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4507456) (CVE-2019-1132) 2019-07 Security Only Quality Update for Windows Server 2012 (KB4507464) (CVE-2019-0880) 2019-07 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4507457) (CVE-2019-0880) 2019-07 Cumulative Update for Windows 10 Version 1803 and Windows Server 2016 (1803)
Mozilla fixed Zero-day vulnerabilities in Firefox
Mozilla addressed two zero-day vulnerabilities in Mozilla Firefox that were being used in targeted attacks in the wild. CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox that can result in an exploitable crash. CVE-2019-11708 is a sandbox escape vulnerability. Combining both CVE-2019-11708 and CVE-2019-11707, attackers can perform arbitrary code execution. Thunderbird is also affected but generally cannot be exploited since scripting is disabled when reading mail. Following this,
Microsoft Patch Tuesday updates for June 2019
New Security Bulletins : 2019-06 Security Update for Adobe Flash Player for Windows (KB4503308) 2019-06 Security Only Quality Update for Windows Server 2008 (KB4503287) 2019-06 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4503269) 2019-06 Security Only Quality Update for Windows Server 2012 (KB4503263) 2019-06 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4503290) 2019-06 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016
[Free Seminar] Secure your organization's endpoints against the latest cyberattacks and security vulnerabilities
Be it WannaCry, Meltdown, Spectre or Petya each year bears witness to new cyberattacks and security vulnerabilities, and the year 2019 is no different. From the BlueKeep vulnerability that affects over a million systems, to the ZombieLoad attack that affects nearly every Intel chip since 2011, IT teams across the globe face an uphill battle this year to secure their organization's desktops and mobile devices. Organizations irrespective of the industry they cater to, are often caught unawares by
[Important] Migration of Central Patch Repository server; If you've whitelisted Central Patch Repository server's IP address from firewall, attention!!
Hello peeps, We've got an important announcement. To support our increasing customer base and to meet the future demand, we are migrating our current patch repository server - patchdb.manageengine.com to a static alternative. For users who've white listed the current patch repository server's IP address in their firewall, we request to contact our support team for details of the latest patch repository IP address. This migration will take place on 30-May-2019. So, we suggest our users to contact
Highly critical processor chip flaw "ZombieLoad" patched
A new class of processor chip vulnerabilities targeting the 'speculative execution' portion of Intel chips has been discovered by a group of researchers a few days back. These three vulnerabilities are named ZombieLoad, fallout, and RIDL (Rogue In-flight Data Load). These flaws are rated highly critical by the team of researchers who discovered them. ManageEngine Patch Manager Plus now supports patches for the ZombieLoad vulnerability. Name of the Vulnerability: ZombieLoad Severity : Highly critical
May 2019 Patch Tuesday updates from ManageEngine
Hello peeps, Good day. Quick update on the May 2019 Patch Tuesday updates. New Security Bulletins : 2019-05 Security Update for Adobe Flash Player for Windows (KB4497932) 2019-05 Security Only Quality Update for Windows Server 2008 (KB4499180) 2019-05 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4499175) 2019-05 Security Only Quality Update for Windows Server 2012 (KB4499158) 2019-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4499165) 2019-05
Microsoft releases a fix for the Wormable vulnerability(CVE-2019-0708)
Microsoft released this month's edition of Patch Tuesday with fix for a highly critical vulnerability. This vulnerability (CVE-2019-0708), dubbed "Wormable vulnerability", resides in "Remote Desktop Services" component and could be exploited remotely by sending specially crafted requests over RDP(Remote Desktop Protocol) to a targeted system. This vulnerability is present in Windows 7, Windows Server 2008 R2, Windows Server 2008 and in older versions like Windows XP and Windows 2003 as well.
Critical bug fixes in Google Chrome 74.0.3729.108
The Chrome team has rolled out the latest version Chrome 74.0.3729.108 with a huge list of bug fixes and improvements. This update comes with nearly 39 security fixes. Below is the list of CVE IDs that are rated 'Critical' CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5812 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5816 CVE-2019-5817 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 To patch
Adobe discontinues its support for Adobe Shockwave
Adobe has announced that Adobe Shockwave will not be supported anymore. Effecitve from April 9, 2019 Adobe Shockwave for Windows will no longer be available for download. But Adobe added that "Companies with existing Enterprise licenses for Adobe Shockwave continue to receive support until the end of their current contracts" Please note that Adobe has discontinued Adobe Shockwave for macOS on March 1, 2017. So, even if you have Adobe Shockwave installed in your environment, Patch Manager Plus
Issue in booting up the machines after installing Windows updates.
Computers fail to boot after installing the following Windows updates: KB4493467, KB4493446, KB4493448, KB4493472, KB4493450, KB4493451 Note: This issue will occur for systems having Sophos Endpoint Security Installed. Reference: https://community.sophos.com/kb/en-us/133945 Patch Manager Plus has marked these updates as 'Partially Superseded' and they won't be listed in the 'Missing Patches'. However, these updates can be viewed and uninstalled from the 'Installed Patches' view. Update 1: To
Patch Manager Plus now supports April 2019 Patch Tuesday updates
Good day. A quick update on the April 2019 Patch Tuesday. New Security Bulletins : 2019-04 Security Update for Adobe Flash Player for Windows (KB4493478) 2019-04 Security Only Quality Update for Windows Server 2008 (KB4493458) 2019-04 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4493448) 2019-04 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB4493450) 2019-04 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4493467)
Chrome releases a new stable version 73.0.3683.103
Google has just rolled out a new update for Chrome 73 that comes with some minor bug fixes and performance updates. With this latest update, Chrome will be inching closer to releasing the next big update — Chrome 74. Patch Manager Plus now supports updating your endpoints to the latest version - Chrome 73.0.3683.103. If you're looking to update your Chrome, just look for Bulletin ID - TU-017 and Patch ID - 309433 (32-bit) and 309434 (64-bit)
Microsoft warns BSOD on devices after enabling EUDC
Microsoft has warned that if per font end-user-defined characters (EUDC) is enabled, the system will stop working and a blue screen will appear at startup. But it can be avoided if you don't install the following updates: KB4489894, KB4489890, KB4489888 and KB4489889. Patch Manager Plus has suspended these updates and for users who already have these updates in your endpoints, kindly follow the steps given in the Microsoft's official KB article. https://support.microsoft.com/en-in/help/4496149
Critical updates released for Mozilla Thunderbird, iCloud, and iTunes
Apple and Mozilla have released critical updates in their products — iCloud (7.11.0.19), iTunes (12.9.4.102) and Thunderbird (60.6.1) respectively. Patch Manager Plus now supports the patching of these updates. Below are the possible exploits for each application if they're left unpatched. Application: iCloud (7.11.0.19) Possible Exploit if left unpatched: Elevation of Privilege, Remote Code Execution Application: iTunes (12.9.4.102) Possible Exploit if left unpatched: Elevation of Privilege,
Can someone explain the correct usage of the 'Test and Approve' feature + test groups?
The documentation for 'Test and Approve' is not very clear on the specific implementation of the feature: https://www.manageengine.com/patch-management/help/test-approve-patches.html#test Consider this: - An automated deployment called 'Workstation Patches' that applies patches to all (100) Windows 7 workstations - A group called 'Windows 7 Test Group' that contains (5) Windows workstations targeted by the 'Workstation Patches' deployment - Approval type set to "Test and Approve' I want unapproved
Trouble deploying KB4056894 - March Update
I am attempting to deploy March patches with PatchManager Plus and for some reason all of the Windows 7 computers that I am attempting to deploy KB4056894 to are failing. The Remarks are “Unknown Error. Code : -2145124329”. The help indicates that is a corrept file system but I find it hard to believe that all my Windows 7 computers suddenly have a corrupt file system. Is anyone else experiencing this?
Critical security updates released for Firefox 66.0.1
Mozilla has released updates to address two critical vulnerabilities in Firefox 66.0.1 and Firefox 66.6.1 ESR (Extended Support Release). These vulnerabilities, that are addressed in CVE-2019-9810 and CVE-2019-9813, come as fixes for incorrect handling of files in IonMonkey (Mozilla's JIT compiler for SpiderMonkey). Patch Manager Plus now supports these critical Mozilla updates. To patch your Mozilla Firefox with these latest critical updates, look for Patch IDs 309305,309306,309307 and 309309.
Google Chrome releases stable version 73.0.3683.86
Google Chrome has updated the stable channel to 73.0.3683.86. This version comes with a bevy of features like the built-in dark mode, tab grouping, media key support etc. along with several bug fixes. Patch Manager Plus now supports Google Chrome's latest version 73.0.3683.86 for Windows and Mac. If you're looking to update your Chrome to get your hands on the newest features, just look for Bulletin ID - TU-017 and Patch ID - 309264 (32-bit) and 309265 (64-bit) in Patch Manager Plus.
Zero-day bug in Win32k component is being actively exploited
The zero-day vulnerability in Win32k component which was patched with this Month's Patch Tuesday is being actively exploited by attackers. This vulnerability was addressed by Microsoft in CVE-2019-0797 . The vulnerability: This is an Elevation of Privilege vulnerability found in the win32k that fails to handle objects in memory properly. If this zero-day vulnerability is exploited, the attacker could execute arbitrary codes in kernel mode. Solution: To stay secured from this exploit, Patch
Chrome 73 to patch a huge list of critical vulnerabilities
Google Chrome has rolled out Chrome 73 for Windows, Mac and Linux. Around 60 security fixes are included in the Chrome 73.0.3683.75 update. Below is a highlighted list of fixes that address critical vulnerabilities: Workaround: Search for the following patch IDs: 309179 (for 32 bit) ,309181 (for 64) in Patch Manager Plus and deploy them immediately to stay secure against the above mentioned vulnerabilities.
Microsoft Patch Tuesday updates for March 2019
Good day. Quick update on the March 2019 Patch Tuesday. New Security Bulletins : 2019-03 Security Update for Adobe Flash Player for Windows (KB4489907) 2019-03 Security Only Quality Update for Windows Server 2008 (KB4489876) 2019-03 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4489885) 2019-03 Security Only Quality Update for Windows Server 2012 (KB4489884) 2019-03 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4489883) 2019-03 Cumulative Update
Update your Google Chrome to 72.0.3626.121 ASAP!
The Chrome Security team has released a fix for a highly critical vulnerability in Google Chrome (72.0.3626.121)with CVE-2019-5786 that could allow a remote attacker to execute arbitrary code and take full control of the computers. Please note that this vulnerability is being actively exploited. The Chrome security team reported the issue as a use-after-free vulnerability found in the FileReader component of the Chrome browser. The security team hasn't revealed any technical details of the vulnerability
Launching Vulnerability Manager Plus: Hunt down security loopholes with 100% precision
Amp up your endpoint security game with ManageEngine's all-new Vulnerability Manager Plus. Pinpoint, prioritize, and eliminate vulnerabilities with ease. With Vulnerability Manager Plus' 360-degree visibility, you can eliminate blind spots, uncover exposed areas of your network, and seal security loopholes before they lead to a breach. Vulnerability Manager Plus delivers the threat intelligence necessary to predict real risks from a plethora of vulnerabilities, and acts as a strategic partner in
Microsoft now requires SHA-2 algorithm to patch Windows legacy OS versions
Microsoft has said in an official statement that it will be ruling out the support for SHA-1 algorithm and migrate to SHA-2 hash algorithm for code-signing purpose. Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by July 2019. Any devices without SHA-2 support will not be offered Windows updates after July 2019. Microsoft will be releasing updates that introduces
Adobe releases an update to fix a bug in their Zero-day patch released a week ago
After the update that was targeted at fixing the zero-day vulnerability, failed to patch it, Adobe has released another patch to fix the critical information disclosure bug in Adobe Acrobat reader. This zero-day vulnerability which was tracked as CVE-2019-7089 was reported by a security researcher on Jan 26 which could lead to disclosure of sensitive information. On Feb 12, Adobe tried resolving this issue by releasing a fix for this zero-day bug. But the security reacher found a by-pass in the
Update to the latest hotfix - logs issue fixed.
Hey all, There was a password printing issue in our logs, which is now fixed. There's no printing of critical data in the logs anymore, we have ensured with thorough testing that the logs are cleared of any passwords. Our customers can upgrade to the latest hotfixes as applicable. Learn about it here: https://www.manageengine.com/products/desktop-central/vulnerability-in-log-files.html Security is our foremost priority, and we strive to upkeep our users' security. Thanks for your understanding and
macOS Mojave 10.14.3 Supplemental Update for FaceTime bug
Apple has rolled out macOS Mojave 10.14.3 supplemental update that fixes the FaceTime bug that let people eavesdrop on unanswered group video calls. Besides, the macOS Mojave 10.14.3 supplemental update addresses another security issue involving Live Photos on FaceTime. Apple didn't disclose any information on that issue yet, but ensured that it's been fixed in the new update. Workaround: You can deploy macOS Mojave 10.14.3 supplemental update to resume using FaceTime without any issues. To deploy
Next Page