ConnectWise is warning MSPs and customers about a security vulnerability with Automate, a widely deployed RMM (remote monitoring and management) software platform that has cloud and on-premises deployment models.According to a statement from the company:For ConnectWise Automate Cloud Partners: ConnectWise has applied mitigating controls to block any potential exploitation and has applied the hotfix across all environments as of 8:45 pm Eastern Time, June 10, 2020. The vast majority of partners are on Cloud 2020.5 -- which contains the hotfix. For the small majority that are not on Cloud 2020.5, a mitigation is in place and a hotfix push is imminent.For Connectwise Automate On-premises Partners: ConnectWise strongly urges Automate on-premises partners to run the 2020.5 release as part of a best practice to be on the most up-to-date version. Also, the company says:
"ConnectWise is aware of a vulnerability in a ConnectWise Automate API that could potentially allow a remote user to execute modifications within an individual Automate instance. This affects on-premise and cloud based versions of the product."
- On-premise partners should immediately consider the mitigating controls detailed here.
- Hotfix for version 2020.5 is available here and the .exe file is here.
- Hotfixes for older versions will be available in the coming days.
- On-going updates on these hotfixes are available here.
- Keep checking back for updates.
Also of Note
The June 10 alert follows a May 2020 warning about a ConnectWise Control phishing scam and ConnectWise Automate intrusion attempts. At the time of the May 2020 warnings, ConnectWise advised customers and partners to:- carefully inspect emails related to Control to determine if they're legitimate, and avoid clicking on phishing links; and
- upgrade to Automate 2020.1 or higher to ensure MFA (multi-factor authentication) is activated. (Though a best practice is to be on the most current Automate version -- 2020.5 -- ConnectWise notes.)
