TLDR:
Key Points:
- Critical vulnerabilities found in ConnectWise’s ScreenConnect tool
- Threat actor potential could lead to a “firestorm”
Article Summary:
A principal security researcher at Huntress, John Hammond, has raised alarm about critical vulnerabilities discovered in ConnectWise’s ScreenConnect tool impacting MSPs. Hammond emphasized the severity of the threat, warning that even though there is no evidence of exploitation yet, immediate action needs to be taken to address the vulnerabilities that could allow remote code execution and compromise confidential data. ConnectWise has issued patches for cloud environments but on-premise partners are urged to update servers promptly.
ConnectWise is working proactively to mitigate the issue, with 80% of the ScreenConnect population already protected. However, there is concern that in the wrong hands, the vulnerabilities could lead to a serious attack with potential to compromise monitoring and management software. ConnectWise is collaborating with CISA to raise awareness about the vulnerabilities and ensure all partners are safe after patching.
Partners who have updated their servers have found the process easy and quick, with minimal downtime. However, there is a sense of urgency among the MSP community to patch vulnerabilities promptly to prevent exploitation. Jason Slagle, president of CNWR, emphasized the importance of immediate action to prevent a bad day for the industry and the potential for widespread exploitation in the future.