ConnectWise remote access tool hacked — security pros are saying it is bad, so patch now

Top remote access platform ConnectWise has confirmed finding, and patching, two critical security vulnerabilities in its ScreenConnect product. 

“Vulnerabilities were reported February 13, 2024, through our vulnerability disclosure channel via the ConnectWise Trust Center,” ConnectWise warned in a security advisory

“There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken by on-premise partners to address these identified security risks.”

No data theft (yet)

Given the severity of the discovered vulnerabilities, ConnectWise has urged its customers to apply the patch without delay. At the same time, security researchers are up in arms, with some even describing the findings as an utter disaster, both for ConnectWise, and its customers.

The CVEs for the two flaws are yet to be assigned, but we do know that they’re impacting all servers running ScreenConnect 23.9.7 and older. They allow threat actors to mount remote code execution (RCE) attacks or grab confidential data from vulnerable endpoints. The attacks leveraging the flaws are low in complexity and don’t require user interaction.

In a subsequent update, the company said it “received updates of compromised accounts that our incident response team have been able to investigate and confirm.” 

A company spokesperson told TechCrunch it could not say how many customers were affected, but did stress that the majority of its clients (80%) use cloud-based environments which were patched within two days.

So far, the company’s seen no evidence of data exfiltration, either.

The news is the latest security worry for ConnectWise, which also found multiple vulnerabilities in its remote access solutions for small and medium-sized businesses (SMB) earlier this year.

More from TechRadar Pro