ConnectWise announces ScreenConnect vulnerability, with admins urged to update on-prem servers to 23.9.8 immediately
Earlier this week, critical vulnerabilities were disclosed by ConnectWise in their widely used remote desktop and access software, ScreenConnect, posing a serious security risk to organizations using versions 23.9.7 and earlier.
These ScreenConnect vulnerabilities, now identified as CVE-2024-1708 and CVE-2024-1709, were exploited by attackers within the first day of disclosure. One is an authentication bypass issue, rated as maximum severity, while the other is a high-severity path traversal flaw. Both vulnerabilities allow attackers to gain unauthorized access and potentially take control of affected systems.
To mitigate these risks, administrators are urged to immediately update their on-premise servers to the latest version, 23.9.8. Cloud or hosted instances have already been updated and secured against these threats.
Threat actors have already successfully compromised multiple accounts, and crafting an exploit for these vulnerabilities appears to have been relatively straightforward. This underlines the urgency for organizations to apply the necessary updates and to take their own precautions against zero-day attacks.
Initial analysis has revealed that the authentication bypass could be exploited through a specially crafted request, allowing unauthorized access to a setup wizard and enabling attackers to create new administrator accounts. Similarly, the path traversal flaw could be exploited to access or modify files outside of restricted directories, posing a significant threat to the integrity and confidentiality of the affected systems.
With over 8,800 vulnerable servers initially exposed, rapid response and remediation efforts are critical. Administrators who have not yet applied the security patches are strongly advised to do so immediately and to review security logs for any signs of compromise. Taking swift action to address these vulnerabilities is crucial in protecting your organization’s digital infrastructure and sensitive data from potential cyberattacks.
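The patch-and-review advice above can be turned into a small triage pass; this is an added example, not code from the article or from ConnectWise. It flags on-prem servers below 23.9.8 and sends any host whose logs show setup-wizard requests to investigation even if it is already patched, since accounts created before the update survive it. Assumptions: the `SETUP_PATH` value is a placeholder rather than a real product path, and the inventory tuples, host names and log line format are constructed for illustration.

```python
import re

FIXED = (23, 9, 8)  # first fixed release named in the article
# Assumption: placeholder, not a real product path; substitute your server's.
SETUP_PATH = "/setup-wizard-placeholder"

def parse_version(text):
    """Turn '23.9.7' or '23.9.7.0' into (23, 9, 7); None if unparseable."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*$", text or "")
    return tuple(map(int, m.groups())) if m else None

def wizard_hits(log_lines):
    """Count setup-wizard requests per host ('ts host ip method path status')."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) == 6 and parts[4].lower().startswith(SETUP_PATH):
            hits[parts[1]] = hits.get(parts[1], 0) + 1
    return hits

def triage(inventory, log_lines):
    """Map each host to hosted, investigate, verify-version, patch or ok."""
    hits = wizard_hits(log_lines)
    result = {}
    for host, hosting, version in inventory:
        parsed = parse_version(version)
        if hosting == "cloud":
            result[host] = "hosted"          # updated by the vendor per the article
        elif hits.get(host):
            result[host] = "investigate"     # wizard was reached; patching is not enough
        elif parsed is None:
            result[host] = "verify-version"  # cannot prove it is fixed
        elif parsed < FIXED:
            result[host] = "patch"
        else:
            result[host] = "ok"
    return result

# Constructed sample data: hosts, versions and log format are illustrative.
INVENTORY = [
    ("sc1.example", "on-prem", "23.9.7.0"),
    ("sc2.example", "on-prem", "23.9.8"),
    ("sc3.example", "cloud", "23.9.8"),
    ("sc4.example", "on-prem", "unknown"),
]
LOGS = [
    "2024-01-01T10:00:00Z sc2.example 198.51.100.7 GET /Setup-Wizard-Placeholder 200",
    "2024-01-01T10:00:05Z sc1.example 198.51.100.9 GET / 200",
]
print(triage(INVENTORY, LOGS))
```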
Remote Desktop Tool Guidelines
The CISA.gov best practices for remote access cybersecurity tools consist of a comprehensive guide for all organizations that use remote access software, particularly MSPs. This ‘Guide to Securing Remote Access Software,’ with best practices, protections, and mitigations developed by CISA and the National Institute of Standards and Technology (NIST), is designed to help organizations protect against the most common cybersecurity threats, strategies, methods, and processes used by criminal groups and nation-state bad actors.