Zoho’s ManageEngine Desktop Central is a management platform that helps admins deploy patches and software automatically over the network and troubleshoot them remotely. Zoho urged customers today to update their Desktop Central and Desktop Central MSP installations to the latest available version.
The warning comes after the company patched a critical vulnerability (tracked as CVE-2021-44515) that could allow attackers to bypass authentication and execute arbitrary code on unpatched ManageEngine Desktop Central servers. The cloud version is not affected.
“As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible,” Zoho said in its statement.
To detect if your installation was compromised using this security flaw, you can use Zoho’s Exploit Detection Tool and go through the procedure detailed here.
If impacted, the company recommends disconnecting affected systems from the network, backing up all critical business data on them, formatting the compromised servers, restoring Desktop Central, and updating it to the latest build once the installation ends.
If signs of compromise have been found, Zoho also recommends initiating a “password reset for all services, accounts, Active Directory, etc. that has been accessed from the service installed machine” together with Active Directory administrator passwords.
A quick search using Shodan has revealed over 3,200 ManageEngine Desktop Central instances running on various ports and exposed to attacks.
This is not the first time Zoho software has been under threat. Earlier this year, the ADConnect software was under threat from a nation-state actor. To stay protected, keep the software updated. Stay vigilant.