This document will explain you about the Cross-Site Request Forgery (CSRF) attack. Attackers were able to create administrator accounts, from browsers, where an authenticated Endpoint Central MSP user has logged on.
Vulnerability ID : CVE-2014-9331
Update Released Build : 90130
Update Release Date : Jan 30th 2015
If the attackers happen to gain access to a web browser, where an authenticated Endpoint Central MSP user has previously logged on, then they were able to perform the "Cross-Site Request Forgery Attack" in order to create Endpoint Central administrator accounts..
This has been identified and fixed, in the Endpoint Central MSP build # 90130. Upgrade to the latest build for this issue to be fixed.
Keywords: Security Updates, Vulnerabilities and Fixes, Adminitstrator account creation, CVE-2014-9331, CSRF