Windows Server: Servers with ScreenConnect Version 23.9.7 or Lower [CWE-288/CWE-22]
submitted
Matthew Crowder
Checks to see if the server is running a ScreenConnect version that is 23.9.7 or lower. This will determine if the software needs to be upgraded to mitigate the vulnerability recently announced by ConnectWise: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

This query will work for our Windows workstation inspector as well.

Software[?contains(Name, 'ScreenConnect') && DisplayVersion <= '23.9.7'].[Name, DisplayVersion, 'Upgrade to Version 23.9.8']
Ted Thueson
I've adjusted this to not fuzzy match "ScreenConnect" since this vulnerability does not apply to client installations (from my understanding). Obviously, it's good to check over the client versions as well, but this will further scope things down to catch only SC server installations.

Software[?Name == 'ScreenConnect' && DisplayVersion <= '23.9.7'].{"Name": Name, "DisplayVersion": DisplayVersion, "Action": 'Upgrade to Version 23.9.8'}
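
The same check with a numeric version comparison, as an added example that is not part of either post above or of the inspector product. It matters if the query evaluator compares DisplayVersion as a string, because string ordering and numeric ordering of dotted versions can disagree. Assumptions: the inventory rows, the four-part and client-style values, and the function names are constructed for illustration, and "23.9.7 or lower" is tested as "below 23.9.8".

```python
import re

FIXED = (23, 9, 8)  # first fixed release named on the page

# Constructed sample inventory (not real data); field names follow the queries above.
SOFTWARE = [
    {"Name": "ScreenConnect", "DisplayVersion": "23.9.7.8804"},
    {"Name": "ScreenConnect", "DisplayVersion": "23.9.10"},
    {"Name": "ScreenConnect", "DisplayVersion": "6.9.21"},
    {"Name": "ScreenConnect Client (abc123)", "DisplayVersion": "23.9.7"},
    {"Name": "ScreenConnect", "DisplayVersion": None},
]

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if it is not one."""
    if not isinstance(text, str) or not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    return tuple(int(part) for part in text.strip().split("."))

def needs_upgrade(software, server_only=True):
    """Rows below FIXED by numeric comparison; unreadable versions are kept for review."""
    rows = []
    for item in software:
        name = item.get("Name") or ""
        if server_only and name != "ScreenConnect":
            continue  # exact match, as in the second query
        if not server_only and "ScreenConnect" not in name:
            continue  # substring match, as in the first query
        version = parse_version(item.get("DisplayVersion"))
        if version is None:
            action = "Version unreadable, check manually"
        elif version < FIXED:
            action = "Upgrade to Version 23.9.8"
        else:
            continue
        rows.append({"Name": name, "DisplayVersion": item.get("DisplayVersion"), "Action": action})
    return rows

def string_compare_flags(software):
    """Versions a plain string comparison against '23.9.7' would flag, for contrast."""
    return [s["DisplayVersion"] for s in software
            if s["Name"] == "ScreenConnect" and isinstance(s["DisplayVersion"], str)
            and s["DisplayVersion"] <= "23.9.7"]

if __name__ == "__main__":
    for row in needs_upgrade(SOFTWARE):
        print(row)
```

On the constructed rows, the string comparison flags only the newer 23.9.10 entry, while the numeric comparison flags the two older server entries and surfaces the row with no readable version.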