Zoho has patched a new critical vulnerability that affects the company’s unified endpoint management (UEM) solutions Desktop Central and Desktop Central MSP. Zoho ManageEngine Desktop Central is a desktop and mobile device management software. Administrators can manage servers, laptops, desktops, cellphones, and tablets from one place with this tool. Zoho launched the updated versions of … Continue reading “Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44757)”
Author: Diksha Ojha
Microsoft Windows security update for January 2022 addresses 126 Vulnerabilities with 9 rated as Critical
Microsoft patched 126 vulnerabilities in their January 2022 Patch Tuesday release. Out of these, nine are rated as critical severity. As of this writing, none of the 126 vulnerabilities are known to be actively exploited. Microsoft has fixed problems in their software including Remote Code Execution (RCE) vulnerabilities, privilege escalation security flaws, spoofing bugs, … Continue reading “Microsoft Windows security update for January 2022 addresses 126 Vulnerabilities with 9 rated as Critical”
Microsoft Active Directory Domain Services (AD DS) Privilege Escalation Vulnerability (CVE-2021-42278 & CVE-2021-42287)
Following the release of a proof-of-concept (PoC) tool on December 12, Microsoft is advising users to repair two security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278) in Active Directory domain controllers that it addressed in November. Both flaws are categorized as “Windows Active Directory domain service privilege-escalation” flaws with a CVSS criticality score of 7.5 out of … Continue reading “Microsoft Active Directory Domain Services (AD DS) Privilege Escalation Vulnerability (CVE-2021-42278 & CVE-2021-42287)”
Apache Releases Security Update for HTTP Server 2.4 to Address Two Vulnerabilities (CVE-2021-44790 & CVE-2021-44224)
Apache, the open-source software foundation behind the Log4j logging library that has been the subject of so many Log4Shell headlines, released an update to correct two vulnerabilities in HTTPD, a web server that ranks right up there with Log4j in terms of ubiquity. These recently discovered vulnerabilities (CVE-2021-44790 & CVE-2021-44224) allow attackers to cause a … Continue reading “Apache Releases Security Update for HTTP Server 2.4 to Address Two Vulnerabilities (CVE-2021-44790 & CVE-2021-44224)”
Apache Log4j2 Zero-day Remote Code Execution Vulnerability Exploited in the Wild (CVE-2021-44228)
A remote code execution vulnerability in Apache Log4j2 was discovered on the Internet on December 9, 2021, and is actively being exploited in the wild. In Apache Log4j2, attackers can create customized requests to execute remote code. Users are recommended to examine related vulnerabilities as soon as possible due to the wide spectrum of impact … Continue reading “Apache Log4j2 Zero-day Remote Code Execution Vulnerability Exploited in the Wild (CVE-2021-44228)”
Grafana Releases Fix for Zero-day Vulnerability Exploited in the Wild (CVE-2021-43798)
Grafana Labs released an emergency security upgrade to fix a zero-day flaw that permitted remote access to local files. Security researchers released proof-of-concept code to exploit the flaw over the weekend. Before Grafana Labs gave out patches for affected versions 8.0.0-beta1 through 8.3.0, details regarding the issue became public earlier this week. Tracked as CVE-2021-43798, this is … Continue reading “Grafana Releases Fix for Zero-day Vulnerability Exploited in the Wild (CVE-2021-43798)”
Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44515)
Malicious actors are actively exploiting a recently patched critical vulnerability in Zoho’s Desktop Central and Desktop Central MSP products. This is the third time in the last four months that a security vulnerability in one of its products has been exploited in the wild. Tracked as CVE-2021-44515, this is an authentication bypass vulnerability in ManageEngine … Continue reading “Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44515)”
Zoho ManageEngine ServiceDesk Plus and SupportCenter Plus Unauthenticated Remote Code Execution Vulnerability (CVE-2021-44077)
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned users of a newly patched issue in Zoho’s ManageEngine ServiceDesk Plus and SupportCenter Plus that can be used to drop web– shells leading to remote code execution. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects older versions of ServiceDesk Plus and SupportCenter Plus. Zoho ManageEngine ServiceDesk Plus remote code execution vulnerability ManageEngine ServiceDesk … Continue reading “Zoho ManageEngine ServiceDesk Plus and SupportCenter Plus Unauthenticated Remote Code Execution Vulnerability (CVE-2021-44077)”
Unpatched Information Disclosure Vulnerability affects Microsoft Windows (zero-day) (CVE-2021-24084)
Security researchers have discovered an unpatched Windows OS security vulnerability that could allow information disclosure and local privilege escalation (LPE). The flaw (CVE-2021-24084) has yet to be officially fixed, making it an important vulnerability. However, an unofficial patch has been released as a workaround. The vulnerability affects the Windows Mobile Device Management component, and it could allow unauthorized access to the filesystem and the reading of arbitrary data. … Continue reading “Unpatched Information Disclosure Vulnerability affects Microsoft Windows (zero-day) (CVE-2021-24084)”
Microsoft’s New Zero-day Windows Local Privilege Escalation Vulnerability (CVE-2021-41379)
Attackers are actively exploiting a zero-day vulnerability in Windows Installer. The vulnerability was found after a Microsoft patch for another security weakness failed to adequately repair the initial and unrelated bug. A security researcher found this Windows Installer Elevation of Privilege vulnerability termed as CVE-2021-41379. The vulnerability allows threat actors with limited access to a compromised device to elevate … Continue reading “Microsoft’s New Zero-day Windows Local Privilege Escalation Vulnerability (CVE-2021-41379)”
