8800 servers – one bug: any non-updated ScreenConnect system can be hacked remotely

ConnectWise asks customers to take action before it's too late.

ConnectWise is asking its customers to update their ScreenConnect servers urgently. The reason is a critical vulnerability that allows attackers to bypass authentication and execute arbitrary code remotely.

Attackers can use this flaw to steal confidential data or deploy ransomware on compromised devices. Attacks can be carried out remotely and do not require user interaction.

The company also fixed a "path traversal" vulnerability in its remote desktop access software. However, this bug can only be exploited by attackers with elevated privileges, so it is less dangerous.

All ScreenConnect servers of versions 23.9.7 and lower are under attack. Cloud-based ScreenConnect instances on screenconnect.com and hostedrmm.com are already protected, and owners of local (on-premises) systems are encouraged to update the software to version 23.9.8.

Huntress researchers have already created an exploit to bypass authentication and found more than 8,800 vulnerable systems around the world.

Last month, CISA, the US National Security Agency and MS-ISAC issued a joint warning. It says that attackers are increasingly using legitimate remote monitoring and management programs, such as ScreenConnect, for criminal purposes.

Legitimate software helps hackers gain access to systems with the rights of ordinary users. This makes it fairly easy to bypass security features by hacking into other systems and devices.

According to ConnectWise, the critical problems became known on February 13, 2024.

"So far, there is no evidence that anyone has exploited these vulnerabilities, but our partners using local servers should immediately take measures to eliminate the identified risks," company representatives commented.
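
The version guidance above (23.9.7 and lower affected, 23.9.8 fixed, instances on screenconnect.com and hostedrmm.com already protected) can be applied to an asset inventory as follows. This is an added example, not code from the post or from ConnectWise; the hostnames and build numbers are constructed, and comparing only the first three version components is an assumption.

```python
# Added example: triage a ScreenConnect inventory against the fixed release.
FIXED = (23, 9, 8)  # first patched version named in the article
VENDOR_HOSTED = ("screenconnect.com", "hostedrmm.com")  # already protected per the article

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_vendor_hosted(host):
    """Match the domain itself or a true subdomain, never a look-alike suffix."""
    host = host.strip().lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_HOSTED)

def classify(host, version_text):
    if is_vendor_hosted(host):
        return "vendor-hosted"
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable version: needs manual review
    # Assumption: only major.minor.patch matter; short versions are zero-padded.
    core = (version + (0, 0, 0))[:3]
    return "patched" if core >= FIXED else "update-required"

def triage(inventory):
    """Group (host, version) pairs by classification."""
    report = {}
    for host, version_text in inventory:
        report.setdefault(classify(host, version_text), []).append(host)
    return report

# Constructed sample inventory (hosts and build numbers are made up).
SAMPLE = [
    ("support.example.org", "23.9.7.1234"),
    ("rc.example.net", "23.9.8.5678"),
    ("acme.screenconnect.com", "23.9.7"),
    ("notscreenconnect.com", "22.4"),
    ("legacy.example.com", "unknown"),
    ("help.example.edu", "23.10.1"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Hosts reported as `unknown` should be checked by hand rather than assumed patched.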
 