Unpatched Zoho Products are Being Actively Targeted by Cyberattacks

We would like to share some important information about an exploit that is still developing.

On Monday, January 23rd, CISA officially recognized and posted an advisory for both public and private entities warning against an exploit that brings a high risk of abuse.

We wanted to make you aware of this critical exploit in Zoho ManageEngine products. The exploit allows for remote code execution, which can instantly give the attacker total administrator access from anywhere in the world.

Unpatched versions of at least 24 different Zoho ManageEngine products are affected, including:

  • Active Directory 360

  • ADSelfServicePlus

  • ADManagerPlus

  • EndPoint Central

  • EndPoint Central MSP

Early estimates indicate that at least 10% of all internet-accessible ManageEngine instances may be vulnerable to this takeover attack.

You need to be sure that you have the latest patches, so please refer to this advisory page to download the necessary upgrades/hot fixes for your product.

Since this exploit covers such a wide range of ManageEngine products, now might be a good time to run a security scan on your environment for previously unknown software that may belong to the Zoho ManageEngine family.
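One way to run that check against a software inventory you already have, shown as an added example that is not part of the original post. It assumes the inventory is exported as CSV with the hypothetical columns `host`, `name` and `publisher`; the sample rows are constructed, and hits are candidates for review rather than confirmed vulnerable installs.

```python
import csv
import io
import re

# Product names as listed in this post, plus the vendor/brand strings.
# The post says at least 24 products are affected; extend this list
# from the vendor's advisory page.
FAMILY_NAMES = [
    "Active Directory 360", "ADSelfServicePlus", "ADManagerPlus",
    "EndPoint Central", "EndPoint Central MSP",
]
BRAND_TERMS = ["ManageEngine", "Zoho"]

def _norm(text):
    """Lowercase and keep only letters and digits, so spacing and case
    variants such as 'ADSelfService Plus' still match."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def find_manageengine(inventory_csv):
    """Return (host, name, reason) for rows that look like family products."""
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name, publisher = _norm(row["name"]), _norm(row["publisher"])
        reason = None
        # Longest names first so 'EndPoint Central MSP' wins over 'EndPoint Central'.
        for product in sorted(FAMILY_NAMES, key=len, reverse=True):
            if _norm(product) in name:
                reason = "product:" + product
                break
        if reason is None:
            # Fall back to brand/publisher so unlisted family members surface too.
            for term in BRAND_TERMS:
                if _norm(term) in name or _norm(term) in publisher:
                    reason = "brand:" + term
                    break
        if reason:
            hits.append((row["host"], row["name"], reason))
    return hits

# Constructed sample inventory (hypothetical hosts and rows, not real data).
SAMPLE = """host,name,publisher
srv-ad01,ManageEngine ADSelfService Plus,ZOHO Corp
srv-it02,Endpoint Central MSP Server,Zoho Corporation
ws-117,7-Zip 22.01,Igor Pavlov
srv-app03,Some Other Console,ManageEngine
"""

if __name__ == "__main__":
    for host, name, reason in find_manageengine(SAMPLE):
        print(f"{host}\t{name}\t{reason}")
```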

If you would like us to investigate whether ManageEngine software has made its way into your environment, or help with the patching process, please reach out sooner rather than later.

Our threat intelligence tells us that ManageEngine products have a history of being a prime target for both cyber-attackers and brokers of stolen data on the Dark Web.

As always, XOGENT is dedicated to your security.

Greg Tirico