Summary

By creating a custom crafted Windows service an attacker can cause a remote execution on the administrator's workstation.

Severity: Critical

Although there are no signs that this vulnerability is exploited in the wild, Lansweeper recommends installing this update as soon as possible.

Products Affected

Lansweeper 4.x, 5.x, 6.0.0.45 and earlier

Available Updates

Lansweeper 6.0.0.48, which can be downloaded from our download page

How To Update

Updating Lansweeper is easy, quick and completely free of charge. The latest installer can be found on our download page. A detailed step-by-step guide on how to update can be found in this knowledge base article.

Acknowledgements

Bartlomiej Pokrzywinski and Ewerson Guimaraes from Security Competence Center / Poland

The new Lansweeper 6.0 is available for download. It’s no secret anymore that Lansweeper 6.0 comes with a functional Help Desk fully integrated with our mature IT asset management solution. Take the opportunity to get acquainted with the reorganized 6.0 menu and the various new functionalities this brand new version includes. Aside from the Help Desk feature, the new release includes a knowledge base as well as a calendar. You can now update to version 6.0 by using the installer available on the download page of our website. Lansweeper 6.0 is available to all customers, just like any other update we release. The help desk section is licensed on a per agent basis, including one free agent license in all existing and newly purchased Lansweeper licenses. An unlimited number of users can open tickets, but you pay a fee per agent that responds to those tickets. Additional agent licenses can be purchased through our online store at $ 10 per agent per month. For additional information, please contact our Sales team.

A selection of included functionalities is listed below. More details of the included features, important help desk concepts, and terminology can be found here.

• A fully functional help desk that integrates with Lansweeper.
• A feature-rich ticketing system that allows people inside and outside of your company to send questions and request support. The ticketing part of the help desk includes, among others, the following features:
  • Tickets can be created through the web console, via email, API and the import feature.
  • Organization of tickets into ticket types.
  • Prioritization of tickets through ticket priorities and follow-ups.
  • Custom fields, optionally nested, to add extra information to tickets in an organized way.
  • Ticket filters, tabs and notifications to easily organize tickets into various overviews.
  • Ticket templates and outgoing email templates (auto reply).
  • Ticket dispatching, automatic assignment and closing of tickets.
  • SLAs to set company standards for the handling and resolution of tickets.
  • Customization options like signatures, different ticket sorting methods, email alerts and more.
• A knowledge base to share articles with your employees on a variety of topics.
• A calendar to keep track of meetings, vacation days and more. Calendar events can be linked to tickets.
• Optional customization of the look and feel of the help desk.
• Flexible security settings that restrict web console access through a system of roles and permissions.

Lansweeper version 5.3.0.13 is now available for download. You can perform a free update of your existing installation by downloading this installer and then following these update instructions. The most important thing the update adds is support for Windows 10. You should now be able to install Lansweeper on Windows 10 without issue, as well as scan Windows 10 machines. Another addition in 5.3.0.13 is a new asset/user action plugin for the latest Chrome releases.

Below is a summary of some of the most important changes. A complete list of bug fixes, changes and additions can be found in this changelog. Have a question about this update? The Lansweeper support team can be reached at support@lansweeper.com

• Added: Windows 10 support.
• Added: Replacement extension for the old Chrome plugin.
• Added: OS end of life reports.
• Added: Extra website version check on upgrade/install.
• Added: Informative page for Error 500 issues.
• Added: Support for .pcc file extension.
• Changed: New HTTPS certificate with 2048 bit RSA encryption.
• Changed: Updated Visual C++ installation from 2008 to 2012.
• Changed: Smaller installer, required components are now downloaded when not installed.
• Changed: Asset name when scanned device only has an IP address.
• Changed: Increased the length of the values in tsysCustomNames.
• Changed: Procedure of defining a scanned asset as 'Unknown'.
• Changed: IP rescan priority.
• Changed: Add alias for HDD model in built-in reports.

Have you just started using Lansweeper or are you already an experienced user? This feature overview will give you some global insights as to how an IT admin can use Lansweeper.

Get to know the Lansweeper network management software in this quick, 3-minute video!