Dear Customer's,

At ManageEngine, we consider security as our top priority. That’s why we bring it to your immediate attention, that some versions of Desktop Central Server contain an unauthenticated remote code execution vulnerability (originally reported by Steven Seeley of Source Incite).

Since this vulnerability has been declared as "Zero Day - Vulnerability", we could see that some of the enterprises were targeted and few customers network compromised. Ever since this vulnerability was brought to our notice, we have tried to reach you through a couple of security advisories, forum posts, in-product messages, and we are also calling customers to ensure that you mitigate this vulnerability as soon as possible.

We strongly recommend that you follow the steps to secure your Desktop Central Server:

On a proactive note, we want you to quarantine the Desktop Central server from your network.

Identify if the Desktop Central server/Network is compromised.

If there are any traces of the exploit, how to mitigate/remediate it, which includes back up and restore of the instance or wipe the corrupted files.

If your Desktop Central server/network is safe, how to secure it further in a proactive note.

Please refer this below article for detailed steps:

If you need assistance, our support team is ready to help. Reach out to us at dc-zeroday@manageengine.com

We strive to resolve these types of security issues as quickly as possible, and we sincerely apologize for any inconvenience caused by this vulnerability. We want to stand by you and help you overcome this situation.

We’re ready to help you, as always.