SysAid, a popular IT service management software vendor, warned customers on Thursday of a zero-day vulnerability in its software that is being exploited by the Clop ransomware gang. The vulnerability, tracked as CVE-2023-47246, allows attackers to gain remote code execution on affected SysAid servers.
Key Highlights:
- A zero-day vulnerability in SysAid IT service management software is being exploited by the Clop ransomware gang.
- The vulnerability allows attackers to gain remote code execution on affected SysAid servers.
- Microsoft’s Threat Intelligence team discovered the vulnerability being exploited in the wild and alerted SysAid.
- SysAid has released a patch for the vulnerability and is urging customers to update their software immediately.
Microsoft’s Threat Intelligence team discovered the vulnerability being exploited in the wild and alerted SysAid. Microsoft has also released guidance for SysAid customers on how to patch the vulnerability and mitigate the risk of attack.
According to SysAid, the vulnerability affects on-premise versions of its software version 20.1.7 and earlier. SysAid has released a patch for the vulnerability and is urging customers to update their software immediately.
How the Clop Ransomware Gang is Exploiting the Vulnerability
Microsoft said that attackers are exploiting the SysAid vulnerability to issue commands via the SysAid software to deliver a malware loader for the Gracewire malware. This is typically followed by human-operated activity, including lateral movement, data theft, and ransomware deployment.
What SysAid Customers Can Do
SysAid is urging customers to update their software to the latest version as soon as possible. Customers can download the latest patch from the SysAid website.
In addition to patching the vulnerability, SysAid customers should also implement other security measures, such as:
- Enabling multi-factor authentication for all users
- Implementing strong password policies
- Keeping their software up to date
- Monitoring their networks for suspicious activity
The exploitation of the SysAid zero-day vulnerability by the Clop ransomware gang is a reminder of the importance of cybersecurity. Organizations should take steps to patch all known vulnerabilities and implement other security measures to protect their systems from attack.
SysAid, a popular IT service management software vendor, warned customers on Thursday of a zero-day vulnerability in its software that is being exploited by the Clop ransomware gang. The vulnerability, tracked as CVE-2023-47246, allows attackers to gain remote code execution on affected SysAid servers.
Microsoft’s Threat Intelligence team discovered the vulnerability being exploited in the wild and alerted SysAid. Microsoft has also released guidance for SysAid customers on how to patch the vulnerability and mitigate the risk of attack.
According to SysAid, the vulnerability affects on-premise versions of its software version 20.1.7 and earlier. SysAid has released a patch for the vulnerability and is urging customers to update their software immediately.
