Exploiting the latest max-severity ConnectWise bug is 'embarrassingly easy'


February 21, 2024 at 12:49PM

A critical RCE vulnerability in ConnectWise’s ScreenConnect requires urgent patching due to its severity. The exploit allows an attacker to compromise user accounts and gain admin access, potentially leading to RMM tool attacks. The company has released patches, urging immediate updates due to the high risk of attacks. Limited threat indicators are available for monitoring and defense.

Urgent patching is required for the latest remote code execution (RCE) vulnerability in ConnectWise’s ScreenConnect. The vulnerability has a maximum severity score and has been confirmed to be actively exploited, with working exploits developed by researchers. The vulnerabilities include an authentication bypass and a path traversal flaw, both with severe implications for potential attacks.

To address this issue, it is crucial for on-premise users to patch and update to ScreenConnect version 23.9.8 immediately. ConnectWise will also be releasing fixed versions of releases 22.4 through 23.9.7 soon. It is recommended to upgrade to the latest available version. Additionally, limited indicators of compromise in the form of IP addresses used by attackers are provided for threat hunting and cybersecurity monitoring.

Given the severity of the situation and the potential for attacks targeting remote monitoring and management tools, urgent patching is imperative as there are no temporary mitigation steps provided. It is also highlighted that there are currently around 3,800 vulnerable ConnectWise instances running, with the majority located in the US.
