Screen Connect Vulnerability & Exploit Feb 2024 [YouTube Release]


Wait, so MSPs have a ScreenConnect server sitting on the internet?? No tunnel or firewalled route?

That can’t be. Please tell me MSPs have this server locked down. Patch ASAP, yes, but it shouldn’t be a “drop your fork and run out the door” emergency, assuming it is locked down appropriately.

I believe you do not understand how ScreenConnect works, or other MSP remote support tools.

It allows companies to manage / control clients’ machines remotely over a secure link.

You cannot use a VPN; client machines will roam between different locations, and these all talk back to the self-hosted ScreenConnect server or the ScreenConnect hosted solution.

Yes, the firewall will be locked down so that only the required ports are open, but in this case the vulnerability is in the software.

You are correct, I have not and did not use this back when I was in the industry.

I was thinking about desktop machines sitting on corporate LANs. Roaming hosts would complicate things, but those can be tunneled too. Basically, lock down to the LAN is my thought, and lock down the control plane to the trusted MSP machines or a jump box. Is that not what MSPs do?? Am I missing something obvious?

The LAN exposure from the client devices is still there, but it is a far smaller attack surface than the internet.
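The thread above ends with two exposure models: the relay that roaming client agents call back to has to stay reachable from the internet, while the web/admin control plane can and should be restricted to the MSP's own networks or a jump box. The following added example (not code from the forum, from Lawrence Systems, or from ConnectWise) is a small firewall-policy audit in Python that checks a rule set against exactly that split. The port numbers 8040 (web/admin) and 8041 (relay) are assumed defaults for this illustration, and the MSP office network, jump box and "internet" probe addresses are constructed from documentation/private ranges.

```python
"""Audit a first-match firewall rule set for a remote-support server.

Added example. The policy it encodes is the one from the discussion:
  - the control plane (web/admin UI) must only be reachable from trusted
    MSP networks or a jump box;
  - the relay port must stay reachable from anywhere, because client
    agents roam and call back from arbitrary addresses.
"""
import ipaddress
from dataclasses import dataclass

# Assumed default ports for this illustration (hypothetical; confirm
# against the vendor's documentation for a real deployment).
CONTROL_PLANE_PORT = 8040   # web/admin UI: trusted admin networks only
RELAY_PORT = 8041           # relay: roaming client agents call back here


@dataclass(frozen=True)
class Rule:
    src: str      # source CIDR, e.g. "10.20.0.0/24"
    port: int     # destination TCP port
    action: str   # "allow" or "deny"


def evaluate(rules, src_ip, port):
    """First-match semantics with an implicit default deny."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.port == port and ip in ipaddress.ip_network(rule.src, strict=False):
            return rule.action
    return "deny"


def audit(rules, trusted_nets, untrusted_probe="198.51.100.23"):
    """Return a list of findings (empty means the policy matches intent).

    untrusted_probe is a constructed TEST-NET address standing in for
    "some random host on the internet".
    """
    findings = []

    # 1. The control plane must NOT be reachable from an untrusted address.
    if evaluate(rules, untrusted_probe, CONTROL_PLANE_PORT) == "allow":
        findings.append(
            f"control plane port {CONTROL_PLANE_PORT} reachable from untrusted {untrusted_probe}")

    # 2. The control plane MUST be reachable from every trusted network,
    #    otherwise the MSP has locked itself out of its own server.
    for net in trusted_nets:
        sample = str(ipaddress.ip_network(net, strict=False).network_address)
        if evaluate(rules, sample, CONTROL_PLANE_PORT) != "allow":
            findings.append(
                f"control plane port {CONTROL_PLANE_PORT} blocked for trusted network {net}")

    # 3. The relay must stay open: roaming agents connect from anywhere.
    if evaluate(rules, untrusted_probe, RELAY_PORT) != "allow":
        findings.append(
            f"relay port {RELAY_PORT} not reachable from the internet; roaming agents cannot connect")

    return findings


# Constructed sample policies. Addresses are documentation/private ranges.
TRUSTED_NETS = ["192.0.2.10/32", "10.20.0.0/24"]   # jump box, MSP office LAN

# "Everything on the internet" rule set: both ports wide open.
EXPOSED = [
    Rule("0.0.0.0/0", CONTROL_PLANE_PORT, "allow"),
    Rule("0.0.0.0/0", RELAY_PORT, "allow"),
]

# Locked-down rule set: control plane limited to trusted sources, relay open.
LOCKED_DOWN = [
    Rule("192.0.2.10/32", CONTROL_PLANE_PORT, "allow"),   # jump box
    Rule("10.20.0.0/24", CONTROL_PLANE_PORT, "allow"),    # MSP office LAN
    Rule("0.0.0.0/0", CONTROL_PLANE_PORT, "deny"),        # everyone else
    Rule("0.0.0.0/0", RELAY_PORT, "allow"),               # roaming agents
]


if __name__ == "__main__":
    for name, rules in (("EXPOSED", EXPOSED), ("LOCKED_DOWN", LOCKED_DOWN)):
        print(name, audit(rules, TRUSTED_NETS) or ["no findings"])
```

Running the script reports one finding for the `EXPOSED` policy (the control plane is reachable from the untrusted probe address) and none for `LOCKED_DOWN`, which still leaves the relay open as the thread requires. The audit deliberately checks both directions, since an overly tight rule set that blocks the MSP's own jump box is a real operational failure, not a security win.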