Security News > 2024 > February > Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!
ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems.
ConnectWise ScreenConnect is a remote desktop software solution popular with managed services providers and businesses they offer services to, as well as help desk teams.
ConnectWise ScreenConnect is also popular tech support scammers and other cyber criminals, including ransomware gangs.
In late 2022, ConnectWise disabled the customization feature for trial accounts for the cloud-hosted service, to prevent scammers from creating branded support portals and trick employees into joining a malicious remote access session.
Even though there is currently no evidence that these vulnerabilities have been exploited, ConnectWise says they are at a higher risk of being targeted by exploits.
"ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommend that partners update to ScreenConnect version 23.9.8.".
News URL
https://www.helpnetsecurity.com/2024/02/20/connectwise-screenconnect-vulnerabilities/
Related news
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
- Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw (source)
- Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered (source)