ConnectWise Vulnerability Potentially Exposes Thousands of Servers to Attack
The flaw impacts the ConnectWise Recover backup and disaster recovery product.
October 31, 2022
ConnectWise has released updates that patch a critical vulnerability that could potentially expose thousands of servers to cyberattacks. The flaw affects the ConnectWise Recover backup and disaster recovery product, as well as the R1Soft server backup manager.
Cybersecurity experts called into question whether announcing both the vulnerability and the patch last Friday was a good idea. Many affected servers would likely remain unpatched over the weekend, leaving them exposed to attacks. (ConnectWise Recover users should update to version 2.9.9. R1Soft users should update to version 6.16.4.)
Huntress CEO Kyle Hanslovan said researchers at his company discovered the vulnerability.
According to reporting from Security Week, Hanslovan said Huntress experts demonstrated how they could push ransomware to nearly 5,000 internet-exposed R1Soft servers. Many of these are in North America and Europe.
“There’s also a possible supply chain impact considering that many of the affected systems belong to cloud hosting providers and MSPs,” Eduard Kovacs wrote.
ConnectWise has been exploited in previous attacks, including last year by Noberus, part of the ransomware family.
Patrick Beggs is CISO of ConnectWise.
“We have informed our [customers] of the fix and encouraged those with on-premises instances of the impacted product to install the patch as soon as possible,” Beggs told Dark Reading. (Dark Reading shares a parent company with Channel Futures.)
Most organizations using ConnectWise Recover don’t need to take further action to protect against the vulnerability; however, if “R1Soft is self-managed, we encourage these [customers] to apply the patch quickly,” the company said.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Claudia Adrien or connect with her on LinkedIn.