On February 19th, ConnectWise issued a critical advisory disclosing two significant vulnerabilities (CVE-2024-1709 and CVE-2024-1708) present in all versions of on-premises ScreenConnect software prior to version 23.9.8. The severity of CVE-2024-1709, with its perfect CVSS score of 10 out of 10, underscores the gravity of the situation, necessitating immediate action to mitigate potential exploitation by malicious actors.
In response to this imminent threat, we proactively secured our systems by promptly patching our servers the same day we received the necessary updates from ConnectWise. Subsequent comprehensive scans across our network have not detected any signs of compromise within our systems.
Organizations, including our clients, may utilize multiple instances of ConnectWise ScreenConnect from various vendors. It is crucial to verify whether these instances from other vendors have been updated to ensure comprehensive security. Be assured, we have already identified and are addressing these instances to mitigate risks for our clients.
If you are not currently a Mytech client, we strongly urge you to contact your IT provider or internal IT staff immediately. Verify that all vulnerable instances of ScreenConnect have been successfully updated or removed to protect your systems from potential threats.
While we understand that implementing these security measures may cause inconvenience, please know that safeguarding the security of your systems remains our top priority. We appreciate your cooperation in this matter.
Should you have any further questions or concerns, please don't hesitate to reach out. Our team is here to support you every step of the way.
Stay productive and secure.