ConnectWise ScreenConnect 23.9.8 Advisory Alert: Tool for Vulnerability Check

Efficiently confirm and address ConnectWise ScreenConnect vulnerabilities with our guide and user-friendly tool.
ConnectWise ScreenConnect Advisory Alert Feature Image

Table of Contents

On February 19, 2024, ConnectWise issued a critical security advisory addressing two vulnerabilities impacting their ScreenConnect remote access software, widely used by the Managed Service Provider (MSP) community. Classified as “Critical” with a severity of “High”, these vulnerabilities pose a significant risk to their broader customer base of MSPs relying on ScreenConnect for remote management.

The disclosed vulnerabilities allow attackers to bypass authentication and gain remote code execution on vulnerable systems. This could grant them access to sensitive data, disrupt critical operations, and potentially compromise the networks of multiple organizations managed by a single MSP. Researchers warn that exploiting these vulnerabilities is relatively simple, and proof-of-concept exploits already exist, highlighting the urgency of immediate action.

While ConnectWise initially stated no evidence existed of these vulnerabilities being actively exploited, they later acknowledged reports of compromised accounts. This emphasizes the possibility that attackers may have already exploited the vulnerability before a patch was available, potentially compromising both MSPs and their customers.

Immediate Action Items

While ConnectWise has automatically patched cloud-based deployments, on-premises users remain at risk and need to urgently upgrade to the latest version. It is recommended to be on the latest version but 23.9.8 is the minimum version that remediates the reported vulnerabilities.   

Identifying Critical Vulnerabilities Is Stressful. We’re Here to Help!

We’ve developed a simple PowerShell tool that streamlines identifying servers requiring the recent ConnectWise ScreenConnect patch. This tool can save you valuable time and effort.

screenconnect-check 1

Download the tool here.

I Patched ConnectWise ScreenConnect – Am I Still At Risk?

Patching is the first step to address the vulnerability and the next is to confirm that the vulnerability has been fixed. You can run the tool again to verify that your system is no longer vulnerable.

Now that your  ConnectWise ScreenConnect instance is no longer vulnerable, it’s essential to acknowledge that your system might have been compromised during the vulnerable period.

  • Review the list of users created to identify any newly created users that you don’t recognize.
  • Ensure all security solutions are fully deployed and up-to-date across your entire organization and your customers’ networks. 
  • Proactively hunt for indicators of compromise (IOCs) that attackers might have left behind during the vulnerability window. 
  • Continuously monitor your network for suspicious activity that might indicate an adversary’s presence within your network or your customers’ networks.

Lumu identifies threats in your clients’ networks and helps MSPs automate responses using their existing cybersecurity tools. Request access today.

Subscribe to Our Blog

Get the latest cybersecurity articles and insights straight from the experts.

Share this post

RELATED POSTS

Security operator using the Lumu Portal Remotely
Technical

Optimize Security Operations in 3 Steps

Reading Time: 4 mins Security operations teams are increasingly inundated with alerts. Take a look at how Lumu can make your SOC more efficient in 3 easy steps.