Screen Connect Vulnerability & Exploit Feb 2024 [YouTube Release]

Additional Resources:

Business Technicalities Channel

Connecting With Us

Lawrence Systems Shirts and Swag



Amazon Affiliate Store
:shopping_cart: Lawrence Systems's Amazon Page

Ubiquiti Affiliate
:shopping_cart: Ubiquiti Store United States

Gear we use on Kit
:shopping_cart: Kit

Try ITProTV free of charge and get 30% off!
:shopping_cart: Learn technology and pass IT certifications with ITProTV

Use OfferCode LTSERVICES to get 5% off your order at
:shopping_cart: Tech Supply Direct - Refurbished Tech at Unbeatable Prices

Digital Ocean Offer Code
��� DigitalOcean | Cloud Infrastructure for Developers

HostiFi UniFi Cloud Hosting Service
:shopping_cart: HostiFi - UniFi Cloud Hosting

Protect you privacy with a VPN from Private Internet Access
:shopping_cart: Buy VPN with Credit Card or PayPal | Private Internet Access

:moneybag: lawrencesystems | creating Tech Tutorials & Reviews | Patreon

Wait, so MSP’s have a screenconnect server sitting on the internet?? No tunnel or firewalled route?

That can’t be. Please tell me MSP’s have this server locked down. Patch asap, yes, but it shouldn’t be a “drop your fork and run out the door” emergency. Assuming it is locked down appropriately.

I believe you do not understand how Screenconnect works, and other MSP remote support tools.

It allows companies to manage / control clients machines remotely over a secure link.

You can not use vpn , client machines will roam between different locations and these all talk back to the hosted screenconnect server, or screenconnect hosted solution

Yes, the firewall will be locked down so that only required ports are open, but in this case the vulnerabilty is in the software

You are correct, I have not and did not use this back when I was in the industry.

I was thinking about desktop machines sitting on corp LANs. Roaming hosts would complicate things but those can be tunneled too. Basically, lock down to the LAN is my thought. And lock down the control plane to the trusted MSP machines, or a jump box. Is that not what MSP’s do?? Am I missing something obvious?

The LAN exposure from the client devices is still there, but it is a far smaller attack surface than the internet.