Report an Incident

1-800-270-9034

New Vulnerability in Connectwise ScreenConnect

A new patch has been issued for CVE-2024-1709, a vulnerability present in Connectwise ScreenConnect, a remote access support tool that can be cloud or self-hosted.

A new patch has been issued for CVE-2024-1709, a vulnerability present in Connectwise ScreenConnect, a remote access support tool that can be cloud or self-hosted. ConnectWise also suspended non-patched versions of the tool to avoid further exploitation. Companies are urged to upgrade to the latest version immediately.

CVE-2024-1709 does not require a high level of skill to exploit, which increases the risk that this will be used by a large number of threat actors. CVE 2024-1708, a vulnerability that requires higher-level permissions for the exploit to be successful, was also patched in this release.

The vulnerability was first reported on February 13th. At the time, there was no evidence of exploitation and no details were released. However, earlier this week, MSPs reported increased activity targeting ScreenConnect. Associated indicators of compromise have been released by ConnectWise. Reports have also emerged of Lockbit exploiting the vulnerability, despite their operations being seized by law enforcement. This emphasizes the fact  that Lockbit affiliates may still be active.

In 2021, Kaseya’s RMM tool was compromised by the ransomware group, REvil. Despite a small number of Kaseya clients being compromised, the downstream effects were significant. The Kaseya attack has served as a warning to the MSP market and it is likely ConnectWise has this in mind as they take action on these vulnerabilities.

ConnectWise also took extra precaution and is allowing any users of ScreenConnect to upgrade to the latest version, even those without a maintenance contract. The decision to prioritize the security of their product above revenue is likely to pay dividends for their brand reputation.

Why is this important?

    • ScreenConnect has a large market share and any successful attack could have a significant impact on the SME market.
    • Around 4,000 instances of ScreenConnect are visible globally.
    • The vulnerability is in the small percentage of new vulnerabilities under active exploit and should be taken seriously.

What should you do?

    • Download the latest version of ScreenConnect or advise any clients running the tool to upgrade immediately.

Share the Article

Recent Articles

New SIM Swapping Attacks

According to new research, eSIM cards are being hijacked for cyber attacks. eSIM cards are remotely programmable chips that are stored within phones and other wearable devices.

Read More »
March 15, 2024
Scroll to Top

This website uses cookies to improve your browsing experience. By clicking accept, you consent to the use of cookies. To learn more about the cookies we use, visit our Privacy & Cookie Policy.

Accept Cookies

Certifications and Credentials

  • AWS Certified Solutions Architect – Associate
  • AWS Cloud Practitioner
  • Cellebrite and Paraben Certified Mobile Examiner
  • Cellebrite Certified Mobile Examiner (CCME)
  • Cellebrite Certified Physical Analyst and Certified Operator
  • Certified Access Data Forensic Analyst
  • Certified E-Discovery Specialist (ACEDS)
  • Certified Forensic Computer Examiner (CFCE)
  • Certified Forensic Examiner-Access Data (ACE)
  • Certified Hard Drive Repair Technician
  • Certified in SANS Windows Forensic Analysis (GCFE)
  • Certified Information Security Manager (Certified by ISACA)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Mac Forensics Analyst
  • Certified Public Accountant
  • Chief Information Security Officer (Certified by EC-Council)
  • Citrix Certified Integration Architect
  • CompTIA A+
  • AWS CompTIA Cybersecurity Analyst (CySA+)
  • CompTIA Linux+
  • CompTIA Linux+ / Linux Professional Institute Certified Linux Administrator (LPIC-1)
  • CompTIA Pentest+
  • CompTIA Cloud+
  • CompTIA Security+
  • Cyber Forensics and Incident Response certificate – Carnegie Mellon
  • Department of Defense Cyber Investigations Training Academy, Computer Forensic Examiner
  • EC-Council Computer Hacking Forensic Investigator Certification (CHFI)
  • EC-Council Computer Hacking Forensic Investigator Certification (CHFI)
  • EnCase Certified Examiner (EnCE)
  • FBI Certified Crisis Management Coordinator
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Advanced Smartphone Forensics (GASF)
  • GIAC Information Security Fundamentals
  • GIAC Security Essentials (GSEC)
  • International Association of Computer Investigation Specialists (IACIS)
  • Licensed Member, California Bar Association
  • Magnet Certified Forensics Examiner (MCFE)
  • Microsoft Certified Professional (MCP)
  • Microsoft Certified Systems Engineer
  • Professional – Information Systems Security Architecture Professional (CISSP-ISSAP)
  • Professional – Information Systems Security Management Professional (CISSP-ISSMP)
  • Senior Professional Human Resources Certification
  • VMware Certified Professional

Report a New Incident

Your incident report has been submitted.