Desktop Central Security Update release

Hi Folks,

Greetings and New Year Wishes from ManageEngine.

This security update resolves a vulnerability in Desktop Central which allows creation of users by remote code execution. An attacker who exploits this vulnerability could gain access to the Desktop Central web console for performing remote desktop management activities. For more details on this vulnerability, refer to here

This vulnerability has been fixed in Desktop Central #build 90109. The current EXE available in the website includes this fix. Existing customers can download and install this security update to fix this vulnerability

Build Number - 90109

http://www.manageengine.com/products/desktop-central/service-packs.html

Customers who has the DC + SDP integration should also upgrade their ServiceDesk Plus to the latest version and enable Authenticated Communication between the two products.

ServiceDesk Plus Hotfix

Build Number - 9033

http://www.manageengine.com/products/service-desk/service-packs.html

Steps to Enable Authenticated Communication

http://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/generating_an_authentication_key.html

The above procedure would fix the reported issue and enable a authenticated communication in the Integration.

Regards,
-----
R. Romanus Prabhu
Technical Account Manager
Device and Desktop Management Solution
Direct Support : +1 408 916 9886
Toll Free: +1 888 720 9500 (US) | 0800 028 6590 (UK) | +1 800 631 268 (AUS)
How To | FAQ | KB | Videos
Forum | Twitter | Blog | Road-map

-- Try our ManageEngine Certification Program --