ManageEngine Endpoint Central DLL injection vulnerability
Note: The steps mentioned below are applicable only for Endpoint Central build 10.0.479. For build versions below 10.0.479,
upgrade to 10.0.479 to proceed with these steps. This issue has been resolved in all build versions above 10.0.479.
This document explains the steps to apply the fix for the unauthenticated injection of DLL using dctask64.exe. This is an executable used by the Endpoint Central agent for executing tasks pertaining to 64-bit operations.
About the issue
This executable used by the Endpoint Central agent allows the injection of DLL, and execution of custom scripts, as unencrypted arguments could be passed.
Resolution of the issue
Follow the steps mentioned below to apply the fix wherein dctask64.exe is conditioned to pass only encrypted arguments, and will not process any unencrypted argument that is passed. The silver lining to this situation is the inability to escalate privileges, as only administrator accounts have the privilege to install Endpoint Central agents.
Steps to apply the fix
- Stop the Endpoint Central service.
- Download this zip folder, and extract the files to the Endpoint Central Server installation directory.
- Extraction of this folder will create two more files:“Extract.bat” and “VulnerabilityFix.zip”. Ensure these two files are placed in the server installation directory.
- Open the Command Prompt as an administrator and navigate to the server installation directory.
- Run Extract.bat.
- Start the Endpoint Central service.
Free Edition