Zoho Releases MSP Security Patch for ManageEngine Desktop Central

Zoho has released a security patch for a vulnerability (CVE-2020-10189) in ManageEngine Desktop Central, a unified endpoint management platform. Many MSPs (managed IT service providers) leverage Desktop Central to remotely monitor and manage PCs, servers, smartphones and tablets.

The Zoho patch safeguards Desktop Central build 10.0.473 and below. If left unpatched, a remote attacker could exploit the vulnerability to take control of an affected system.

The CISA (Cybersecurity and Infrastructure Security Agency), part of the U.S. Department of Homeland Security (DHS), issued an alert about the patch on March 6.

Hackers frequently target MSP software platforms as a universal doorway into multiple end-customer systems. The DHS and FBI have repeatedly warned MSPs to lock down their own software systems, patch regularly, and implement multi-factor authentication across RMM (remote monitoring and management), remote control and other types of IT management software platforms.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.