Ensuring Security and Protection: ConnectWise Addresses ScreenConnect™ Vulnerability

| By:
Ciaran Chu

At ConnectWise, the security and protection of our valued partners is our top priority. We take great care to maintain a secure environment for our community, and we are committed to promptly addressing any vulnerabilities that may arise.

On February 13, an independent researcher reported a ConnectWise ScreenConnect™ vulnerability through our vulnerability disclosure process and the ConnectWise Trust Center.

The ConnectWise Trust Center: Your Hub for Security and Communication

The ConnectWise Trust Center serves as a central hub where we keep our partners informed about our security, privacy, and compliance measures. It is also a platform for timely communication regarding advisories and vulnerabilities that may impact our community, whether they directly affect ConnectWise products or not. We encourage partners to report security incidents and vulnerabilities through this platform.

Rapid Updates and Remediation Efforts

Given the rapidly changing nature of the industry, the ConnectWise Trust Center will be constantly updated and refreshed with the latest information. In response to the reported vulnerability, we have already posted a new advisory on the website.

Within 36 hours of confirming the vulnerability, we applied a manual mitigation for all Cloud partners (ScreenConnect, RMM & Automate/Hosted RMM). Completing this action meant that all Cloud partners were protected by February 16th without requiring us to do a version update meaning it would not reflect a version change for users.

Additionally, we then began upgrading all ScreenConnect and Automate/Hosted RMM Cloud partners to our latest 23.9 version which applies further hardening and reverts to our usual release process format. No further action is required from cloud partners using "screenconnect.com" cloud and "hostedrmm.com" instances.

On-premises partners are advised to promptly upgrade to the latest version of ScreenConnect to address the reported vulnerabilities. In an abundance of caution and for preventative and precautionary measures, ConnectWise security and engineering teams are actively disabling unpatched instances of on-prem ScreenConnect.

Taking Action: Patching and Upgrading

We strongly encourage on-premises ScreenConnect partners to patch their servers promptly. By implementing available patches or upgrades, partners can help prevent potential exploits and strengthen their security. We have provided an upgrade path for every on-premises partner, along with specific details and guidance on the upgrade process. Please reach out to us directly or refer to our official communications and resources for further assistance.

Our Commitment to Security

At ConnectWise, delivering and maintaining secure products for our partners is our utmost priority. Our dedicated teams have been working tirelessly to address the reported vulnerability through our vulnerability disclosure process. We appreciate the trust our partners place in ConnectWise, and we remain committed to providing the highest level of security and support.

A Collaborative Approach to Security

Protecting the security of the industry requires a collective effort. In addition to our own commitment to building products and services with a security-first mindset, we encourage members of the community to responsibly disclose any issues they may come across. We have had the privilege of working with exceptional partners, vendors, and researchers to ensure the highest security standards are followed. We look forward to continuing this tradition in the years to come.

Be diligent. Trust but always verify. For more information and to stay updated on our security measures, please visit our Trust Center at www.connectwise.com/company/trust. Together, we can create a secure and thriving environment for our partners.

Thank you for your continued trust in ConnectWise.