Gotham Security Identifies ScreenConnect Vulnerability and Works with ConnectWise to Prevent Major Cyber-Attack

Jan 25, 2024

By Paul Ponzeka, Chief Technology Officer, Abacus Group

The elite team at our security partner, Gotham Security, recently discovered and rapidly resolved two critical vulnerabilities in the popular, self-hosted remote desktop software application, ScreenConnect, now owned by ConnectWise. Thanks to Gotham Security’s expertise and the positive way they and ConnectWise worked in partnership, any potential issues were alleviated, and the situation is now fully contained. 

Gotham Security discovered that, when exploited in tandem, these vulnerabilities could allow malicious actors operating on a local network first to take over all devices on that network that had ScreenConnect installed, and second to escalate their privileges to local administrator on every device.

Gotham Security quickly developed a technical write-up and disclosed the issues to ConnectWise, who rapidly responded. Within an hour, ConnectWise had triaged the vulnerabilities and assigned security engineers to replicate Gotham Security’s findings.

Later that same day, both findings were confirmed as valid. ConnectWise then initiated the development of a security patch, which has now been completed and rolled out to all relevant clients. An accompanying security advisory was also released. Throughout the process, ConnectWise engaged actively and professionally with Gotham, and both companies demonstrated a true best practice approach to cyber-security partnership.

It is a testament to their far-reaching technical expertise in cyber-security that Gotham Security found these vulnerabilities, something that eluded their boutique provider competitors. Their success in engaging with vendors and working in close partnership with them, as demonstrated by this case, is another key point of differentiation.

As a user of ConnectWise software and as Gotham Security's long-standing managed services security partner (MSSP), we were able to leverage our close relationship to quickly implement mitigation strategies that Gotham presented us with. This protected all of our customers while the patch was in development and underlines the value of the tight integration between an MSP and MSSP to deliver proactive security to customers at all times.

In one sense, the work done is simply standard best practice. It is a great example of the benefits of cyber-security specialists responsibly disclosing issues to vendors, who then work diligently in collaboration to address them. In line with that, we thank Gotham Security for its diligent work and ConnectWise for its timely and professional response. This collaborative disclosure process between all parties is helping to make remote access software more secure for organisations everywhere.

If you require any further information, please refer to the technical document, ConnectWise ScreenConnect Remote Code Execution (RCE) and Local Privilege Escalation (LPE). 
