1-800-270-9034

New Vulnerability in Connectwise ScreenConnect

A new patch has been issued for CVE-2024-1709, a vulnerability present in Connectwise ScreenConnect, a remote access support tool that can be cloud or self-hosted.

A new patch has been issued for CVE-2024-1709, a vulnerability present in Connectwise ScreenConnect, a remote access support tool that can be cloud or self-hosted. ConnectWise also suspended non-patched versions of the tool to avoid further exploitation. Companies are urged to upgrade to the latest version immediately.

CVE-2024-1709 does not require a high level of skill to exploit, which increases the risk that this will be used by a large number of threat actors. CVE 2024-1708, a vulnerability that requires higher-level permissions for the exploit to be successful, was also patched in this release.

The vulnerability was first reported on February 13th. At the time, there was no evidence of exploitation and no details were released. However, earlier this week, MSPs reported increased activity targeting ScreenConnect. Associated indicators of compromise have been released by ConnectWise. Reports have also emerged of Lockbit exploiting the vulnerability, despite their operations being seized by law enforcement. This emphasizes the fact  that Lockbit affiliates may still be active.

In 2021, Kaseya’s RMM tool was compromised by the ransomware group, REvil. Despite a small number of Kaseya clients being compromised, the downstream effects were significant. The Kaseya attack has served as a warning to the MSP market and it is likely ConnectWise has this in mind as they take action on these vulnerabilities.

ConnectWise also took extra precaution and is allowing any users of ScreenConnect to upgrade to the latest version, even those without a maintenance contract. The decision to prioritize the security of their product above revenue is likely to pay dividends for their brand reputation.

Why is this important?

    • ScreenConnect has a large market share and any successful attack could have a significant impact on the SME market.
    • Around 4,000 instances of ScreenConnect are visible globally.
    • The vulnerability is in the small percentage of new vulnerabilities under active exploit and should be taken seriously.

What should you do?

    • Download the latest version of ScreenConnect or advise any clients running the tool to upgrade immediately.

Share the Article

Recent Articles

New SIM Swapping Attacks

According to new research, eSIM cards are being hijacked for cyber attacks. eSIM cards are remotely programmable chips that are stored within phones and other wearable devices.

Read More »
Scroll to Top

This website uses cookies to improve your browsing experience. By clicking accept, you consent to the use of cookies. To learn more about the cookies we use, visit our Privacy & Cookie Policy.

Report a New Incident

Your incident report has been submitted.