On 27 March 2015, a proof of concept (PoC) exploit code was released on multiple websites such as Seclist.org and PacketStormSecurity.com. Open source research did not reveal any instances of this vulnerability in the wild. However, this does not mean that malicious actors will not attempt to exploit the flaw in the future or incorporate it into exploit kits.
We recommend that customers using the ManageEngine Desktop Central 9 or earlier versions upgrade to the latest build #91113 for this issue to be fixed. To reach the latest version, if you have to install a couple of service packs and hotfixes, we recommend exiting the Update Manager tool for every PPM installation. A complete set of instructions for applying the latest service packs and hotfixes as well as troubleshooting guidance can be found at the vendor’s website located at
Mitigating controls: …show more content…
It is always recommended that users maintain the most recent versions of applications especially once patches or fixes are made available by the vendor. We recommend enforcing proper access control, activity monitoring, and intrusion detection/prevention to detect and respond to anomalous network traffic as well as prevent an attacker from moving laterally through a network using compromised administrator credentials. Keep in mind that prior to applying the update, make sure to back up your existing installation to include all applications, configuration files, databases and database settings, etc. This will allow you to restore previous instances and/or settings, if you encounter compatibility or other unforeseen