February 20, 2024 at 11:52AM
ConnectWise issued a warning to immediately patch ScreenConnect servers due to high-severity flaws that can lead to remote code execution attacks. There is no evidence of exploitation, but ConnectWise stresses urgency for on-premise partners. Huntress security researchers have already created a proof-of-concept exploit for the bypass. CISA, NSA, and MS-ISAC have issued a joint advisory on attackers using RMM software for malicious purposes.
Several critical security vulnerabilities affect ScreenConnect servers. ConnectWise has warned its customers to patch their servers immediately to address them. The vulnerabilities include an authentication bypass weakness that can lead to remote code execution attacks and a path traversal vulnerability in the remote desktop software.
On-premise partners running ScreenConnect 23.9.7 and prior versions should update to ScreenConnect version 23.9.8 immediately. Huntress security researchers have developed a proof-of-concept exploit for the authentication bypass vulnerability, and they have identified numerous servers vulnerable to attacks.
Additionally, government agencies such as CISA, NSA, and MS-ISAC have issued advisories warning about the malicious use of legitimate remote monitoring and management software like ConnectWise ScreenConnect by threat actors for unauthorized access and data theft.
Immediate action is necessary to mitigate the identified security risks, and it is critical for affected parties to take the necessary steps to secure their servers against these vulnerabilities.