Screen Connect Vulnerability & Exploit Feb 2024 [YouTube Release]

Additional Resources:

Business Technicalities Channel

https://www.linkedin.com/in/lawrencesystems/

Connecting With Us

• Hire Us For A Project: Hire Us – Lawrence Systems
• Tom Twitter https://twitter.com/TomLawrenceTech
• Our Web Site https://www.lawrencesystems.com/
• Our Forums https://forums.lawrencesystems.com/
• Instagram https://www.instagram.com/lawrencesystems/
• Facebook Lawrence Systems | Southgate MI
• GitHub lawrencesystems (Lawrence Systems) · GitHub
• Discord lawrencesystems

Lawrence Systems Shirts and Swag

►👕 https://lawrence.video/swag

AFFILIATES & REFERRAL LINKS

Amazon Affiliate Store
Lawrence Systems's Amazon Page

Ubiquiti Affiliate
Ubiquiti Store United States

Gear we use on Kit
Kit

Try ITProTV free of charge and get 30% off!
Learn technology and pass IT certifications with ITProTV

Use OfferCode LTSERVICES to get 5% off your order at
Tech Supply Direct - Refurbished Tech at Unbeatable Prices

Digital Ocean Offer Code
��� DigitalOcean | Cloud Infrastructure for Developers

HostiFi UniFi Cloud Hosting Service
HostiFi - UniFi Cloud Hosting

Protect you privacy with a VPN from Private Internet Access
Buy VPN with Credit Card or PayPal | Private Internet Access

Patreon
lawrencesystems | creating Tech Tutorials & Reviews | Patreon

Wait, so MSP’s have a screenconnect server sitting on the internet?? No tunnel or firewalled route?

That can’t be. Please tell me MSP’s have this server locked down. Patch asap, yes, but it shouldn’t be a “drop your fork and run out the door” emergency. Assuming it is locked down appropriately.

I believe you do not understand how Screenconnect works, and other MSP remote support tools.

It allows companies to manage / control clients machines remotely over a secure link.

You can not use vpn , client machines will roam between different locations and these all talk back to the hosted screenconnect server, or screenconnect hosted solution

Yes, the firewall will be locked down so that only required ports are open, but in this case the vulnerabilty is in the software

You are correct, I have not and did not use this back when I was in the industry.

I was thinking about desktop machines sitting on corp LANs. Roaming hosts would complicate things but those can be tunneled too. Basically, lock down to the LAN is my thought. And lock down the control plane to the trusted MSP machines, or a jump box. Is that not what MSP’s do?? Am I missing something obvious?

The LAN exposure from the client devices is still there, but it is a far smaller attack surface than the internet.