Zoho has released a security advisory to address an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the [Zoho Vulnerability Notification](<https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022>) and the Zoho [ManageEngine Desktop Central](<https://www.manageengine.com/products/desktop-central/cve-2021-44757.html>) and [ManageEngine Desktop Central MSP](<https://www.manageengine.com/desktop-management-msp/cve-2021-44757.html>) security advisories and apply the recommended mitigations immediately. This product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy. **Please share your thoughts.** We recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2022/01/19/zoho-releases-security-advisory-manageengine-desktop-central-and>); we'd welcome your feedback.
Microsoft Yanks Buggy Windows Server Updates
Zoho ManageEngine Desktop Central affected by critical vulnerability
ManageEngine Desktop Central < 10.1.2137.9 Authentication Bypass (CVE-2021-44757)
ManageEngine Desktop Central < 10.1.2137.9 Authentication Bypass (uncredentialed check)