ConnectWise software found to have severe security vulnerabilities, so be on your guard


ConnectWise ScreenConnect has been found to carry a high-severity vulnerability that allows threat actors to mount devastating attacks against endpoints.

The flaw was detected and reported to ConnectWise by cybersecurity researchers from Gotham Security.

“If the vulnerabilities were left unaddressed, bad actors would have been able to gain access to all workstations and servers with ScreenConnect from a local network and then escalate their privileges to be local administrators on the affected systems,” the researchers explained, suggesting that no threat actors managed to exploit the flaw in the wild.

Remote access tools under assault

ScreenConnect is a cloud-based operations management solution that allows technicians to perform remote support, gain remote access and run remote meetings. Essentially, it’s a remote access tool used, according to Gotham Security, by tens of thousands of enterprise customers. 

Remote access tools are often targeted by cybercriminals, who use them to gain an initial foothold in the victim’s network and deploy more dangerous malware.

In mid-November 2023, cybersecurity researchers from Huntress warned that attacks using TDS’ instance of ScreenConnect were about to escalate, mostly against healthcare organizations in the US. The researchers said hackers somehow obtained access to these instances and were using them to drop malware to endpoints belonging to two distinct organizations: one in the pharmaceutical sector and the other in healthcare. The only thing they have in common, the researchers stressed, is the ScreenConnect instance, as both endpoints are Windows Server 2019 systems.

In April last year, researchers observed hackers using Action1 RMM, an otherwise benign remote desktop monitoring and management solution, in their campaigns. 

Just like any other remote management tool out there, Action1 is used by managed service providers (MSPs) and other IT teams to manage endpoints in a network from a remote location. They can use it to handle software patches, software installation, troubleshooting, and similar tasks.

After it was made aware of the vulnerability, ConnectWise released a patch, which is now available for download. 


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.