A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
Cloud: No action is required. ScreenConnect servers hosted in
“screenconnect.com” cloud (standalone and Automate/RMM integrated) or
“hostedrmm.com” for Automate partners have been updated to remediate the
issue.
On-premise ScreenConnect Partners:
Please upgrade to ScreenConnect version 26.1. Visit Download
| ScreenConnect page to download and apply the update (access
requires a valid on-premises license).
- If your license is out of maintenance, you must upgrade your license https://docs.connectwise.com/ScreenConnect_Documentation/On-premises/On-premises_licensing/Renew_or_upgrade_an_on-premises_license before installing
the latest supported release of ScreenConnect.
- For
instructions on updating to the newest release, please reference this
doc: Upgrade an on-premise
installation - ConnectWise
Automate On-Prem Partners with ScreenConnect
Integration:
For partners using an on-premises ScreenConnect
installation integrated with Automate, ScreenConnect 26.1 is available through
the Automate Product Updates https://docs.connectwise.com/ConnectWise_Automate_Documentation/Automate_Product_Updates page.
Link to release
notes: ScreenConnect 26.1 / ScreenConnect https://screenconnect.product.connectwise.com/communities/26/topics/5088-screenconnect-261