Operate more efficiently, reduce complexity, improve EBITDA, and much more with the purpose-built platform for MSPs.
Protect and defend what matters most to your clients and stakeholders with ConnectWise's best-in-class cybersecurity and BCDR solutions.
Leverage generative AI and RPA workflows to simplify and streamline the most time-consuming parts of IT.
Join fellow IT pros at ConnectWise industry & customer events!
Check out our online learning platform, designed to help IT service providers get the most out of ConnectWise products and services.
Search our resource center for the latest MSP ebooks, white papers, infographics, webinars and more!
Join hundreds of thousands of IT professionals benefiting from and contributing to a legacy of industry leadership when you become a part of the ConnectWise community.
Join hundreds of thousands of IT professionals benefiting from and contributing to a legacy of industry leadership when you become a part of the ConnectWise community.
2/24/2024 | 4 Minute Read
Topics:
ConnectWise, in collaboration with CompTIA, held a live event streamed on Facebook, LinkedIn, and YouTube to address a critical vulnerability found in ScreenConnect software. The event, hosted by ConnectWise's CISO, Patrick Beggs, and CompTIA's Chief Community Officer, MJ Shoer, provided valuable insights into the vulnerability's timeline, potential impact, and actionable steps for partners to protect their businesses. In today's cybersecurity landscape, staying informed about such vulnerabilities is crucial for safeguarding your organization. Here is a recap of the informative discussion held during the event.
Through ConnectWise's Responsible Disclosure Program, a security researcher uncovered an authentication bypass flaw in certain versions of ScreenConnect. The identified vulnerability, referred to as CVE-2024-1709, has the potential to be exploited by unauthorized individuals. This flaw could allow them to bypass authentication measures and create administrative accounts on instances that are publicly exposed. In essence, this could enable these individuals to assume the role of a system administrator, potentially leading to the deletion of other user accounts and complete control over the affected instance.
The potential consequences of this vulnerability being exploited could be significant for managed service providers (MSPs) and their customers. If client systems being monitored and managed through ScreenConnect are compromised, it could result in the theft of credentials, data breaches, and further unauthorized access to networks. If threat actors get into the system, they may be able to disable security tools, create backdoors, and cause substantial disruption to remote monitoring and management processes.
Due to the severity of the vulnerability, ConnectWise responded immediately to protect their partners.
Beggs walked listeners through the timeline: “Within 24 hours, we validated the vulnerability discovered by an independent researcher and confirmed its existence. We immediately developed a fix for our cloud customers and applied it within 48 hours. Following, we released a patch for our on-premises customers to update immediately.”
“ConnectWise's response to this severe flaw deserves recognition,” according to Shoer. “They swiftly applied manual mitigations to cloud-hosted ScreenConnect instances and released a critical patch for on-premise users.”
ConnectWise went a step further to ensure businesses were safeguarded by suspending outdated ScreenConnect instances to render the vulnerability unexploitable while users implement the patch.
Shoer continued: “Their rapid and proactive response is commendable and highlights the importance of responsible disclosure and having a plan in place to address vulnerabilities.”
If your MSP has an on-premise license for ScreenConnect that is not patched, immediate action is required to protect your business.
Follow these steps:
Step 1: Patch ScreenConnect Instances: Visit the ConnectWise Trust Center for instructions on downloading and implementing the critical patch for on-premise versions. Cloud-hosted systems are already patched but verify this through your control panel.
Step 2: Reset Passwords and Enable MFA: Once patched, reset admin passwords and enable multi-factor authentication to enhance login security.
Step 3: Monitor Activity: Closely monitor ScreenConnect activity for any unusual activity that could indicate compromise, such as unfamiliar devices connecting or unusual administrator actions.
Step 4: Beware Phishing Attempts: Stay vigilant against phishing attacks that may exploit the vulnerability. Exercise caution when encountering emails with ScreenConnect-themed malicious links or attachments.
Step 5: Verify with Scans: Run vulnerability scans to ensure that your ScreenConnect instance does not have any lingering vulnerabilities open to exploitation.
The incident discussed during the LIVE event offers valuable insights for businesses to enhance their cybersecurity practices. Below are tips providing by the hosts:
By incorporating these key takeaways into their cybersecurity strategies, businesses can better protect themselves against potential threats and mitigate risks effectively.
If you require additional guidance or have questions, please reach out through the ConnectWise Trust Center. To learn more about the ScreenConnect vulnerability, you can reference the FAQ document.
Let's work together to protect our businesses and stay safe in the ever-evolving landscape of cybersecurity.