# ConnectWise ScreenConnect Vulnerabilities: What You Need to Know
## Introduction
On February 19, 2024, ConnectWise issued a security advisory regarding vulnerabilities in its ScreenConnect remote monitoring and management (RMM) software. This article summarizes these vulnerabilities, the risks they pose, and the steps needed to mitigate them.
## Vulnerabilities and Risks
ConnectWise identified two critical vulnerabilities in older versions of ScreenConnect, namely CVE-2024-1709 and CVE-2024-1708. These vulnerabilities could allow attackers to execute remote code or compromise confidential data. Cloud-hosted instances have been updated, but on-premise deployments require manual upgrading to version 23.9.8 or later to mitigate the risks.
## Recommended Actions
It is crucial for organizations using ScreenConnect to confirm their deployment type and version, upgrade to the latest version if necessary, and conduct a thorough review for any signs of compromise. Additionally, third-party vendors should be contacted to ensure they have upgraded their instances. Failure to patch could result in exposure to exploitation attempts.
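As an added example (not code from ConnectWise or Sophos), the sketch below triages an inventory of instances against the 23.9.8 threshold and the deployment-type distinction described above. The hostnames, field names, version strings and action labels are constructed for illustration; versions are compared numerically because a plain string comparison would rank 23.9.10 below 23.9.8.

```python
import re

FIXED = (23, 9, 8)  # on-premise fix version stated in the advisory

# Constructed sample inventory; hosts, field names and versions are illustrative.
INVENTORY = [
    {"host": "rmm-a.example.internal", "deployment": "on-premise", "version": "23.9.7"},
    {"host": "rmm-b.example.internal", "deployment": "on-premise", "version": "23.9.10"},
    {"host": "rmm-c.example.internal", "deployment": "on-premise", "version": "23.9.8"},
    {"host": "rmm-d.example.internal", "deployment": "on-premise", "version": "22.10"},
    {"host": "vendor-x.example.net", "deployment": "unknown", "version": ""},
    {"host": "tenant.example.com", "deployment": "cloud", "version": "n/a"},
]


def parse_version(text):
    """Return a dotted-numeric version as a tuple of ints, else None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    return tuple(int(part) for part in text.split("."))


def triage(entry):
    """Map one inventory entry to an action label (labels are hypothetical)."""
    deployment = entry["deployment"].strip().lower()
    if deployment == "cloud":
        return "cloud-updated"  # cloud-hosted instances were updated by the vendor
    version = parse_version(entry["version"])
    if deployment != "on-premise" or version is None:
        return "confirm-deployment-and-version"  # cannot decide; ask the owner
    if version < FIXED:
        return "upgrade-and-review"  # below 23.9.8: upgrade, then check for compromise
    return "review-only"  # at or above 23.9.8: still review for earlier compromise


def report(inventory):
    """Return {host: action} for every entry."""
    return {entry["host"]: triage(entry) for entry in inventory}


if __name__ == "__main__":
    for host, action in report(INVENTORY).items():
        print(f"{host:28} {action}")
```

Entries that come back as `confirm-deployment-and-version` are the ones to chase first, since they include third-party vendor instances whose patch state is unknown.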
## Sophos Response
Sophos is actively monitoring the situation and has implemented detection rules to identify potential exploitation of ScreenConnect vulnerabilities. The company has also released prevention rules and network-based signatures to combat known threats. Sophos’ Incident Response team has published XDR queries on GitHub for further investigation.
## Key Points
- Two critical vulnerabilities in older versions of ScreenConnect have been identified.
- Cloud-hosted instances have been updated, but on-premise deployments require manual upgrading.
- Organizations should confirm their deployment type, upgrade to version 23.9.8 or later, and conduct a review for signs of compromise.
- Sophos is actively tracking and responding to the ScreenConnect vulnerabilities with detection and prevention measures.
- Sophos’ Incident Response team has published XDR queries on GitHub for further investigation.
## Summary
ConnectWise’s security advisory highlights the critical vulnerabilities affecting ScreenConnect and the necessary steps to mitigate risks. Organizations are urged to upgrade to version 23.9.8 or later, conduct thorough reviews for compromise, and stay vigilant for any suspicious activity. Sophos is actively monitoring the situation and has implemented detection and prevention measures to combat potential threats.