IT service management software platform ConnectWise released a new security patch that protects users from potentially exposing thousands of servers to hackers and threat actors. The company’s flagship product, ConnectWise Control, is a popular cloud-based management program that allows technicians to remotely access computers and servers. It acts as the middle agent between two parties or between agents and customers.
The vulnerability, which could expose thousands of servers, has been fixed with the latest security patch. According to the threat research team at Huntress, the security flaw could have impacted the ConnectWise Recover backup and disaster recovery product. Moreover, researchers claim that the vulnerability could have also affected the R1Soft server backup manager.
ConnectWise vulnerability explained
Cybersecurity professionals questioned the decision to publicize the vulnerability and the patch on the same day, last Friday. Over the weekend, many vulnerable servers may not receive patches, leaving them open and exposed to intrusions.
Whelp, wasn’t expecting this ConnectWise RCE to become public today. Guess we’ll publish on Monday how @HuntressLabs went from a researcher’s tweet to the ability to push ransomware through ~5,000 R1Soft servers that are exposed on Shodan. #staytuned https://t.co/HroDdZ5NYI pic.twitter.com/mHLu6zpwic
— Kyle Hanslovan (@KyleHanslovan) October 28, 2022
The research company’s CEO, Kyle Hanslovan, recommended that ConnectWise Recover and R1Soft users update to versions 2.9.9 and 6.16.4, respectively. Sources claim that Huntress’s security research demonstrated how ransomware could have been used to compromise nearly 5,000 internet-exposed R1Soft servers. These servers were primarily located in or around North America and Europe.
This is not the first time that ConnectWise has been exploited by threat actors to their advantage. Last year, the notorious Noberus ransomware gang attacked the organization, as threat actors often use it as a remote access program.
ConnectWise CISO Patrick Beggs stated that the company has informed its customers about the security patch and is encouraging them to update to the latest version. Those using on-premises instances must install the patch as soon as possible.
While most businesses that utilize ConnectWise Recover do not require additional security measures to guard against the flaw, the company recommends deploying the fix as soon as possible.