Contact Us At
This is a developing story. We will continue to update this page as pertinent information emerges.
Summary
A new severity 10 security vulnerability (on a 1-10 scale) has been identified in one of the most popular tools that IT companies and MSP's use to remotely support their customers' computers. Strive's clients are not exposed to this threat.
Background
ScreenConnect is a very popular remote management program published by the company Connectwise. Many IT companies and MSP's use this software to remotely support their customers' computers. Connectwise was notified about two vulnerabilities that, when strung together, could allow an attacker gain full control of the Connectwise server. That means an attacker can get full control of the MSP's customers computers, stealing data, deploying ransomware, etc. The Severity 10 CVSS score is the most critical.
Connectwise quickly fixed these vulnerabilities for their cloud-hosted servers to prevent this attack from happening. However, not everyone is on their cloud system. Many MSP's run their own Connectwise servers in-house. Connectwise has released a patch for these servers as well, and done a great job of transparency and getting the word out. However, a great many unpatched Connectwise servers are still out there posing grave risk to MSP's and their customers
What You Need To Do
If you are a Strive customer:
Strive do not use Connectwise, so our customers are generally not susceptible to this attack. We have confirmed that the ScreenConnect is not present on any of our fully managed computers. Furthermore, our primary "intrusion detection" vendor has pushed out updates to alert us if the vulnerable version of this software is used in a suspicious way. While this vulnerability does not affect our vendors, we are using this example to update our security procedures and Incident Response Plan, should something like this happen to us in the future.
If you are not a Strive customer:
If your MSP has not contacted you already to explain this to you, get in touch with them right away. Ask if they run an in-house Connectwise server, and if so, whether it patched against this vulnerability. Do not let them say it's not important or they're waiting for the other MSP's to "work the bugs out." While this is a reasonable strategy for many updates, it is critical they install patch immediately. If your MSP does not use ScreenConnect, have them confirm that none of your computers have ScreenConnect installed on them. Sometimes, when companies move from one MSP to another, old remote control software still lingers, and you don't want to be caught up in someone else's mess. If you are concerned with the response of your MSP, please get in touch with us directly, and we can use our intrusion detection software to confirm you are not compromised. You can call us at (303) 963-2302, or fill out the form on this page.
More Information
If you would like to learn more about this incident, here are links to to Connectwise's security bulletin, as well as a detailed technical explanation of the exploit, as described by one of our cybersecurity vendors.
