Every month when I feel like I'm sending in the mortgage payment for a chalet in The Alps to Huntress. I remind myself of days like this... Bravo once again to the team over there...
@@StevenLastname yeah, when you add in the fact that they do managed AV with defender it actually is pretty reasonable... We just have a gazillion seats.. at the end of the day it's all about how good it does at detecting things and avoiding catastrophe.. well worth the insurance payment in my book....
@@LAWRENCESYSTEMS yeah I came stomping in the office telling everybody to get on it when I saw it online and they said " already patched, huntress alerted us hours ago"
Insurance is always a complete waste of money. UNTIL you need it. Then, if you haven't got it, it's a complete waste of time trying to get it.@@DPCTechnology
I had just updated the morning before the patch was released. I didn't hear about the exploit or need to patch until your livestream video, so thank you!
Thanks for this! I'm also one who's had the self-hosted version since 2011 (and I've paid for subscription updates each year). I had tried to patch my self-hosted instance back in Oct but the patch broke my setup for some reason. I restored back to the working version (yay backups!) and told myself to come back to it when I had more time to troubleshoot. Well, that time didn't come. I wasn't able to discern from the emails sent on the detail that they were invalidating the licenses for those not patched so I spent an inordinate amount of time yesterday getting patched to the current version. I got it working but thought I had actually been infected (running multiple scans with no results had me worried)....now I realize they just blocked my server from validating the license which blocked my access. So your video has eased my mind quite a bit! Thanks!
The MSP I work for uses screen connect (as our backup Remote access solution) our ITSec guys are awesome and all over it the day it was announced. Pushed a script to uninstall it from every computer in our Management tool and simply reinstalled with the latest version on the machines that still did need it for vendors. My condolences to those IT departments for local schools and stuff they are unlikely to be setup in a way to easily roll out such a change.
I updated because of the video you released on Tuesday, Thank you. I never received an email from screenconnect even though the email is in the users.xml file. This was a scary exploit
Great video. I do cringe every time I hear "on premise" though, hah. It always cracks me up how shortening premises to prem has made people think that it means premise.
@@LAWRENCESYSTEMS Ahh cool. To be honest I was slightly concerned, we had been using AnyDesk and with their recent breach decided to move. Most of the feedback I’d had suggested that SC was a good alternative, I was just about to buy it when the CVE was announced! I thought it was prudent to see how they handled it before deciding.
they refuse to update or patch the linux version.. because 3 years ago they stopped releasing new versions for linux. ..there are TONS of self hosted linux instances of screenconnect out there... windows based vps are alot more expensive than linux. Connectwise needs to do the right thing and patch their last linux release.
Thankful for your live stream the other was able to see the thumbnail and immediately patch our systems! Crazy teams don’t keep on the latest versions with the generous discount they offer to renew a license for such a powerful tool for them and bad actors
Thanks, Tom for the heads-up. I watched your live stream. I'm not sure how they're allowing the bypassing of existing license validation. I'm on version 6 from 2017 (like many - it worked and I didn't need the newer features) and it will not allow my to upgrade.
Every month when I feel like I'm sending in the mortgage payment for a chalet in The Alps to Huntress. I remind myself of days like this... Bravo once again to the team over there...
Yes, Huntress was right on top of this making them an easy source to cite.
Huntress is expensive, but definitely worth it in my opinion. They've saved my clients on a couple of occasions in the last couple years!
@@StevenLastname yeah, when you add in the fact that they do managed AV with defender it actually is pretty reasonable... We just have a gazillion seats.. at the end of the day it's all about how good it does at detecting things and avoiding catastrophe.. well worth the insurance payment in my book....
@@LAWRENCESYSTEMS yeah I came stomping in the office telling everybody to get on it when I saw it online and they said " already patched, huntress alerted us hours ago"
Insurance is always a complete waste of money. UNTIL you need it.
Then, if you haven't got it, it's a complete waste of time trying to get it.@@DPCTechnology
Your live stream saved my instance. Small restaurant company, was able to get it off before I could get hit. Thank you for your awesome content.
I had just updated the morning before the patch was released. I didn't hear about the exploit or need to patch until your livestream video, so thank you!
Thanks for this! I'm also one who's had the self-hosted version since 2011 (and I've paid for subscription updates each year). I had tried to patch my self-hosted instance back in Oct but the patch broke my setup for some reason. I restored back to the working version (yay backups!) and told myself to come back to it when I had more time to troubleshoot. Well, that time didn't come. I wasn't able to discern from the emails sent on the detail that they were invalidating the licenses for those not patched so I spent an inordinate amount of time yesterday getting patched to the current version. I got it working but thought I had actually been infected (running multiple scans with no results had me worried)....now I realize they just blocked my server from validating the license which blocked my access. So your video has eased my mind quite a bit! Thanks!
self-hosted server since 2014, one of the best tools I bought
But the Cloud! They all say it's easy and cheap! Any iterations. On the other hand what is yours is yours. More responsibility? Yes.
The MSP I work for uses screen connect (as our backup Remote access solution) our ITSec guys are awesome and all over it the day it was announced. Pushed a script to uninstall it from every computer in our Management tool and simply reinstalled with the latest version on the machines that still did need it for vendors.
My condolences to those IT departments for local schools and stuff they are unlikely to be setup in a way to easily roll out such a change.
Great that they were on top of it.
We appreciate your mission to raise security awareness. Thank you for keeping us informed.
I updated because of the video you released on Tuesday, Thank you. I never received an email from screenconnect even though the email is in the users.xml file. This was a scary exploit
It looks like nowadays everything that is as exposed as this would need automatic updates.
Spot on. Regrettably, I predict the company will just use this as an excuse to go cloud-only.
I think they took the best course of action, I really like that they are forcing people to upgrade
Hi Tom I'm amazed how you get informed of the new security issues, what sites are following or subscribe to?
I use FreshRSS and I have a lot of news sites ua-cam.com/video/wcof-Noho9Q/v-deo.htmlsi=_Ym3NNxBtaVz8293
Gracias por la informacion, saludos desde Colombia!
I appreciate your video :)
Do you have any info on the change healthcare hack?
Great video. I do cringe every time I hear "on premise" though, hah. It always cracks me up how shortening premises to prem has made people think that it means premise.
@Tom what solution are you using for your customers?
We use ScreenConnect / Connectwise Control
@@LAWRENCESYSTEMS Ahh cool. To be honest I was slightly concerned, we had been using AnyDesk and with their recent breach decided to move. Most of the feedback I’d had suggested that SC was a good alternative, I was just about to buy it when the CVE was announced! I thought it was prudent to see how they handled it before deciding.
Are you staying with ScreenConnect/Connectwise?
For now, yes.
@@LAWRENCESYSTEMS ok, cool, is it known who spotted this in the wild and reported it?
@@user-lm3ll1jp7f It was reported to Connectwise by someone who did not want to have their name known.
👍
Tom, Props for you to doing a PSA for events like this. You are a genuine asset to the IT community and their users everywhere. Thank you!
they refuse to update or patch the linux version.. because 3 years ago they stopped releasing new versions for linux. ..there are TONS of self hosted linux instances of screenconnect out there... windows based vps are alot more expensive than linux. Connectwise needs to do the right thing and patch their last linux release.
This shows the advantage of going with the SaaS version vs self-hosted, but I get there are pros and cons both types of platforms.
Thankful for your live stream the other was able to see the thumbnail and immediately patch our systems! Crazy teams don’t keep on the latest versions with the generous discount they offer to renew a license for such a powerful tool for them and bad actors
Thanks, Tom for the heads-up. I watched your live stream. I'm not sure how they're allowing the bypassing of existing license validation. I'm on version 6 from 2017 (like many - it worked and I didn't need the newer features) and it will not allow my to upgrade.