ConnectWise software found to have severe security vulnerabilities, so be on your guard

ConnectWise flaw could be used to gain access to vulnerable devices


ConnectWise ScreenConnect has been found to carry a high-severity vulnerability that allows threat actors to mount devastating attacks against endpoints.

The flaw was detected and reported to ConnectWise by cybersecurity researchers from Gotham Security.

“If the vulnerabilities were left unaddressed, bad actors would have been able to gain access to all workstations and servers with ScreenConnect from a local network and then escalate their privileges to be local administrators on the affected systems,” the researchers explained, suggesting that no threat actors managed to exploit the flaw in the wild.

Remote access tools under assault

ScreenConnect is a cloud-based operations management solution that allows technicians to perform remote support, gain remote access and run remote meetings. Essentially, it’s a remote access tool used, according to Gotham Security, by tens of thousands of enterprise customers.

Remote access tools are often targeted by cybercriminals, who use them to gain an initial foothold in the victim’s network and deploy more dangerous malware.

In mid-November 2023, cybersecurity researchers from Huntress warned that attacks using TDS’ instance of ScreenConnect were about to escalate, mostly against healthcare organizations in the US. The researchers said hackers somehow obtained access to these instances and were using them to drop malware to endpoints belonging to two distinct organizations: one in the pharmaceutical sector and the other in healthcare. The only thing they have in common, the researchers stressed, is the ScreenConnect instance, as both endpoints are Windows Server 2019 systems.

In April last year, researchers observed hackers using Action1 RMM, an otherwise benign remote desktop monitoring and management solution, in their campaigns.

Just like any other remote management tool out there, Action1 is used by managed service providers (MSPs) and other IT teams to manage endpoints in a network from a remote location. They can use it to handle software patches, software installation, troubleshooting, and similar tasks.

After it was made aware of the vulnerability, ConnectWise released a patch, which is now available for download.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
