ENKVA #012 — SimpleHelp RMM auth bypass hits KEV, exploited against support tools
If you run SimpleHelp to reach into client machines — a lot of MSPs and internal help desks do — patch your servers this week. CVE-2026-48558 is an authentication bypass in SimpleHelp's OIDC login flow that NVD rates CVSS 10.0, the maximum. CISA added it to the Known Exploited Vulnerabilities catalog on June 29 with a July 2 due date, and Arctic Wolf reports it is already being exploited for credential theft and malware delivery.
The flaw is a signature-check that never runs. Per NVD, when OIDC authentication is configured, "identity tokens submitted during login are accepted without verifying their cryptographic signature." That lets "a remote, unauthenticated attacker submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session," and "in some configurations, this may also allow bypass of multi-factor authentication." No credentials, no user interaction — an attacker mints their own token and lands as a technician.
A technician session on a remote-support server is not a foothold on one box. It is a console with reach into every endpoint that server manages. That is what makes this a supply-chain risk for MSPs: one exposed support server can reach every endpoint it manages. Arctic Wolf notes the attack condition is narrower than the maximum score suggests — the exposure is worst "when OIDC is configured with group-authenticated login settings" — but its scan data puts "approximately 14,000 SimpleHelp servers" externally exposed, "with an estimated 1,000 directly vulnerable."
SimpleHelp shipped the fix in late May, before the exploitation went public. The affected builds are "5.5.15 and prior" and the 6.0 pre-release versions; the patched releases are 5.5.16 for the 5.5.x line and 6.0 RC2 for 6.0. If you run SimpleSetup, the vendor's update path is Update > Custom with the 5.5.16 release URL.
This is the exact profile BOD 26-04 — the risk-based KEV directive we covered in #010 — puts in its shortest tier: internet-exposable, on KEV, automatable, and granting full control. Every one of this week's four KEV additions landed on that three-day floor. The directive's top tier also requires a forensic triage of the asset, not just a patch — which is the right instinct here, because a maxed-out auth bypass on an exposed support server means an unpatched box may already have hosted an attacker session.
What to do this week:
- Inventory and patch every SimpleHelp server. Find each one you operate, on your own network and inside client environments, and update to 5.5.16 or 6.0 RC2. Do not assume a hosted or single-tenant instance is out of scope until you have checked its version.
- Get the server off the open internet and check the OIDC config. Put the technician interface behind a VPN or IP allow-list rather than a public port, and confirm whether OIDC group-authenticated login is enabled — that is the configuration Arctic Wolf ties to the worst exposure.
- Assume compromise on anything exposed and unpatched, then triage. Treat an internet-reachable server still on 5.5.15 or earlier as potentially breached: audit technician accounts for entries you did not create, review server logs for unexpected sessions, and rotate credentials that server could reach before you call it clean.
Advisories
SharePoint Server: a May patch you may have deprioritized is now exploited
If you run on-premises SharePoint Server, revisit CVE-2026-45659. It is a deserialization-of-untrusted-data flaw (CWE-502) that, per NVD, "allows an authorized attacker to execute code over a network" — NVD rates it CVSS 8.8. Microsoft shipped the fix in the May 2026 security update for SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition, but CISA added it to the KEV catalog on July 1 (due July 4) on evidence of active exploitation. The attacker needs a low-privileged authenticated session (PR:L), not admin.
Action: confirm the May 2026 SharePoint update is installed across all three editions — Subscription Edition build 16.0.19725.20280, 2019 build 16.0.10417.20128, 2016 build 16.0.5552.1002. This is a KEV add for a bug that was already patched two months ago, so the gap is any farm you left on a pre-May build. MSRC CVRF.
Cisco Unified CM: an unauthenticated SSRF that Cisco rates Critical
For shops running Cisco Unified Communications Manager (Unified CM) or its Session Management Edition, CVE-2026-20230 is on KEV (added June 25, due June 28). NVD scores the SSRF flaw CVSS 8.6, but notes "Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates," because a successful exploit lets an unauthenticated attacker "write files to the underlying operating system that could be used later to elevate to root."
Action: the useful detail is the trigger — NVD notes "to exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default." Check whether WebDialer is running on your clusters; if you do not use it, confirm it stays disabled, and if you do, apply the fixed release from Cisco's advisory. KEV catalog.
PTC Windchill and FlexPLM take an unauthenticated deserialization RCE
If a manufacturing client runs PTC Windchill or FlexPLM, CVE-2026-12569 is on KEV (added June 25, due June 28) at CVSS 9.8. Per NVD, it is a remote code execution flaw in Windchill PDMlink and FlexPLM "exploited through the deserialization of untrusted data," reachable by an unauthenticated attacker, and it "impacts Windchill and FlexPLM releases prior to 11.0 M030."
Action: upgrade affected instances to 11.0 M030 or later per PTC's advisory, and keep PLM front ends off the public internet. An unauthenticated deserialization RCE needs only network reach, so an internet-exposed instance is the urgent case. KEV catalog.
Product changes
Remote Help now works inside RemoteApp sessions on AVD
The week of June 29 (Intune service release 2606), Remote Help added support for RemoteApp in Azure Virtual Desktop: it "supports RemoteApp in Azure Virtual Desktop (AVD), enabling help desk agents to securely view and control apps running within RemoteApp sessions," per the Intune What's new page.
Action: if you support clients on AVD RemoteApp, your help desk can now screen-share and control a published app session rather than talking a user through it blind. Pilot it on one host pool before you fold it into your standard support flow. Release notes.
Available macOS PKG apps update themselves
Also GA in service release 2606: "for available macOS PKG apps, updates now deploy to devices automatically when the same app policy was updated with a new app version, so users no longer need to select Install or Reinstall in Company Portal to get the latest version."
Action: if you manage Macs through Intune, republishing a PKG app now pushes the new version without asking the user to act — but it requires the Intune management agent for macOS version 2606.013 or later. Confirm your fleet's agent build before you rely on the auto-update behavior. Release notes.
Intune adds WPA3-Personal to iOS/iPadOS Wi-Fi profiles
Intune "supports WPA3-Personal as a security-type option when configuring Wi-Fi device configuration profiles for iOS/iPadOS," per the June 29 notes.
Action: if you have moved client Wi-Fi to WPA3 and manage iPhones or iPads through Intune, you can now match the profile security type instead of falling back to WPA2. Update the Wi-Fi profile for any site that runs a WPA3-Personal SSID. Release notes.
Defender extends coverage to Microsoft Agent 365
Defender's July update adds security for Microsoft Agent 365 (GA): "with a Microsoft Agent 365 license, Microsoft Defender provides discovery, security posture, threat detection and investigation, and real-time protection for the AI agents in your tenant."
Action: if a client has started running Agent 365 AI agents, the discovery piece is the part to turn on first — you cannot secure agents you cannot see. Inventory what is deployed before you write posture or protection policy around it. What's new.
Compliance
Enterprise App Management reaches GCC High and DoD
For MSPs supporting government tenants, Intune "now extends Enterprise App Management (EAM) to the GCC High (GCCH) and DoD cloud environments," per the June 29 notes — the catalog-based app discovery and deployment feature that was previously commercial-cloud only.
Action: if you package apps by hand for GCC High or DoD clients because EAM was not available, you can now use the catalog in those clouds. Check whether the apps you repackage manually are in the EAM catalog before your next deployment cycle. Release notes.
Windows 25H2 baseline disables IE11 COM automation by default
The Windows security baseline version 25H2 adds a setting to "Disable Internet Explorer 11 Launch Via COM Automation," enabled by default, which "prevents Internet Explorer 11 from being launched through COM automation, which reduces the attack surface on managed devices."
Action: the setting closes a path malware and legacy scripts use to spin up the IE11 engine even after the browser is gone — but pre-existing baseline profiles do not pick it up automatically. Open your 25H2 baseline profile, edit and save it to apply the new setting, and test any line-of-business app that still automates IE through COM before you enforce it broadly. Release notes.
Field notes
A phishing campaign hides a Node.js implant in "photo" ZIPs
Microsoft reported on June 25 on a campaign against hospitality front-desk staff that delivers an implant it tracks as TonRAT. The lures pose as booking notifications and route through "Calendly notification infrastructure" and "Google's URL redirect functionality" — a trick Microsoft calls "authentication laundering" — to land a ZIP named photo-<random numbers>.zip that hides fake image shortcuts like IMG-<random numbers>.png.lnk.
Action: Microsoft's guidance is to "treat photo-themed ZIP archives and fake image shortcuts as high risk." If you find the implant, note the persistence detail: it writes to both HKCU\Run and HKCU\RunOnce, and "both keys must be removed during remediation—removing only the RunOnce entry leaves the Node.js implant active." Microsoft analysis.
A fake "Perplexity AI" extension logged searches before the store pulled it
Microsoft described a malicious Chromium extension branded "Search for perplexity ai" that used "similar branding elements and a typosquatted domain" to impersonate Perplexity AI. It routed search queries through attacker infrastructure where the data was logged, captured keystrokes, then redirected to a real search engine. It shipped through the Chrome Web Store before removal and affects Chromium browsers including Chrome and Edge.
Action: the durable fix is not chasing one extension. Microsoft's guidance is to "restrict the installation of untrusted browser extensions by enforcing allow-listing and enterprise policy controls." If you do not already enforce an extension allow-list through Intune or group policy on managed browsers, this is the week to set one. Microsoft analysis.
Add a comment: