Attacks

ConnectWise ScreenConnect 23.9.8 Advisory Alert: Tool for Vulnerability Check

Table of Contents

On February 19, 2024, ConnectWise issued a critical security advisory addressing two vulnerabilities impacting their ScreenConnect remote access software, widely used by the Managed Service Provider (MSP) community. Classified as “Critical” with a severity of “High”, these vulnerabilities pose a significant risk to their broader customer base of MSPs relying on ScreenConnect for remote management.

The disclosed vulnerabilities allow attackers to bypass authentication and gain remote code execution on vulnerable systems. This could grant them access to sensitive data, disrupt critical operations, and potentially compromise the networks of multiple organizations managed by a single MSP. Researchers warn that exploiting these vulnerabilities is relatively simple, and proof-of-concept exploits already exist, highlighting the urgency of immediate action.

While ConnectWise initially stated no evidence existed of these vulnerabilities being actively exploited, they later acknowledged reports of compromised accounts. This emphasizes the possibility that attackers may have already exploited the vulnerability before a patch was available, potentially compromising both MSPs and their customers.

Immediate Action Items

While ConnectWise has automatically patched cloud-based deployments, on-premises users remain at risk and need to urgently upgrade to the latest version. It is recommended to be on the latest version but 23.9.8 is the minimum version that remediates the reported vulnerabilities.   

Identifying Critical Vulnerabilities Is Stressful. We’re Here to Help!

We’ve developed a simple PowerShell tool that streamlines identifying servers requiring the recent ConnectWise ScreenConnect patch. This tool can save you valuable time and effort.

Download the tool here.

I Patched ConnectWise ScreenConnect – Am I Still At Risk?

Patching is the first step to address the vulnerability and the next is to confirm that the vulnerability has been fixed. You can run the tool again to verify that your system is no longer vulnerable.

Now that your  ConnectWise ScreenConnect instance is no longer vulnerable, it’s essential to acknowledge that your system might have been compromised during the vulnerable period.

  • Review the list of users created to identify any newly created users that you don’t recognize.
  • Ensure all security solutions are fully deployed and up-to-date across your entire organization and your customers’ networks.
  • Proactively hunt for indicators of compromise (IOCs) that attackers might have left behind during the vulnerability window.
  • Continuously monitor your network for suspicious activity that might indicate an adversary’s presence within your network or your customers’ networks.

Lumu identifies threats in your clients’ networks and helps MSPs automate responses using their existing cybersecurity tools. Request access today.

Recent Posts

  • Blog

Lumu & the MSP Community: 2024 in Review

Reading Time: 4 minsLumu has worked hand-in-hand with MSPs throughout a year that consolidated the…

4 days ago
  • Blog

Reflecting on 2024: Lumu’s Innovations in SecOps

Reading Time: 5 minsLumu’s 2024 SecOps advancements focus on automation and smarter threat detection, with…

6 days ago
  • Attacks

Lumu’s Detection & Response to a Real-World DNS Tunneling Attack

Reading Time: 7 minsThis is the story of a serious DNS tunneling attack on a…

1 week ago
  • Events

Cybersecurity Insights for MSPs: Lessons from IT Nation Connect 2024

Reading Time: 4 minsDiscover the top insights from Lumu’s pre-conference workshop at IT Nation Connect,…

4 weeks ago
  • Stories

Cybersecurity Trends 2025 and Beyond: Navigating AI-Driven Evasion Techniques and Autonomous Threats for Resilient Defense

Reading Time: 2 minsAs we move into 2025, AI-driven evasion and autonomous threats will redefine…

1 month ago
  • Trends

CISA Reveals How 12 Ransomware Gangs are Bypassing EDRs

Reading Time: 7 minsEndpoint Detection and Response (EDR) has a critical role in most companies’…

2 months ago