This document will explain you about the Cross-Site Request Forgery (CSRF) attack. Attackers were able to create administrator accounts, from browsers, where an authenticated Desktop Central MSP user has logged on.
If the attackers happen to gain access to a web browser, where an authenticated Desktop Central MSP user has previously logged on, then they were able to perform the "Cross-Site Request Forgery Attack" in order to create Desktop Central administrator accounts..
This has been identified and fixed, in the Desktop Central MSP build # 90130. Upgrade to the latest build for this issue to be fixed.
Keywords: Security Updates, Vulnerabilities and Fixes, Adminitstrator account creation, CVE-2014-9331, CSRF