ConnectWise remote access tool hacked — security pros are saying it is bad, so patch now

ConnectWise vulnerabilities allow for remote code execution

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Topremote accessplatform ConnectWise has confirmed finding, and patching, two critical security vulnerabilities in its ScreenConnect product.

“Vulnerabilities were reported February 13, 2024, through our vulnerability disclosure channel via the ConnectWise Trust Center,” ConnectWise warned in asecurity advisory.

“There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken by on-premise partners to address these identified security risks.”

No data theft (yet)

Given the severity of the discovered vulnerabilities, ConnectWise has urged its customers to apply the patch without delay. At the same time, security researchers are up in arms, with some even describing the findings as an utter disaster, both for ConnectWise, and its customers.

The CVEs for the two flaws are yet to be assigned, but we do know that they’re impacting all servers running ScreenConnect 23.9.7 and older. They allow threat actors to mount remote code execution (RCE) attacks or grab confidential data from vulnerable endpoints. The attacks leveraging the flaws are low in complexity and don’t require user interaction.

In a subsequent update, the company said it “received updates of compromised accounts that our incident response team have been able to investigate and confirm."

A company spokesperson toldTechCrunchit could not say how many customers were affected, but did stress that the majority of its clients (80%) use cloud-based environments which were patched within two days.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

So far, the company’s seen no evidence of data exfiltration, either.

The news is the latest security worry for ConnectWise, which alsofound multiple vulnerabilities in its remote access solutionsfor small and medium-sized businesses (SMB) earlier this year.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Red One isn’t perfect but it proves we need more action-packed Christmas movies