There was a recent security vulnerability (CVE-2024-1709) that affected ScreenConnect, a remote access tool that Logically and other providers use to provide you with IT support. ScreenConnect is a product of ConnectWise, a leading software vendor in the managed services industry.
On February 19th, ConnectWise disclosed a vulnerability in ScreenConnect that could allow an attacker to execute commands on the host machine of a ScreenConnect session. This vulnerability was discovered by a security researcher and reported to ConnectWise responsibly. ConnectWise released a patch for the vulnerability on the same day and notified its partners, including Logically.
Logically took immediate action after this was released to apply the patch to our ScreenConnect instances and ensure the security of our systems and your data. We can confirm that there is no evidence of any compromise or breach to Logically’s systems.
You may continue to see media reports about the impact of this vulnerability, as some publications are referencing specific malware variations that were used by threat actors during exploitation of the vulnerability. However, we want to assure you that the steps Logically took prevented any exploitation for the ScreenConnect instances we may be using to support you.
In addition, for clients who may have ScreenConnect through other vendors, we want to share some information from ConnectWise. ConnectWise patched its cloud instances of ScreenConnect prior to publishing the vulnerability, and for vendors who use on-premise ScreenConnect, ConnectWise took the additional step on February 22 of pausing functionality for unpatched instances.
We recommend that you reach out to any other partners who may use ScreenConnect in your environment and confirm that they have addressed the vulnerability. If you have any questions or concerns, please do not hesitate to contact us. We are committed to providing you with the best IT service and security possible.
For additional information, please review this blog post by ConnectWise: https://www.connectwise.com/blog/company-updates/responding-to-screenconnect-vulnerability
