Microsoft Warns of Zero-Day Vulnerability in SysAid Exploited by Clop Ransomware

SysAid, a popular IT service management software vendor, warned customers on Thursday of a zero-day vulnerability in its software that is being exploited by the Clop ransomware gang. The vulnerability, tracked as CVE-2023-47246, allows attackers to gain remote code execution on affected SysAid servers.

Key Highlights:

  • A zero-day vulnerability in SysAid IT service management software is being exploited by the Clop ransomware gang.
  • The vulnerability allows attackers to gain remote code execution on affected SysAid servers.
  • Microsoft’s Threat Intelligence team discovered the vulnerability being exploited in the wild and alerted SysAid.
  • SysAid has released a patch for the vulnerability and is urging customers to update their software immediately.

Microsoft’s Threat Intelligence team discovered the vulnerability being exploited in the wild and alerted SysAid. Microsoft has also released guidance for SysAid customers on how to patch the vulnerability and mitigate the risk of attack.

According to SysAid, the vulnerability affects on-premise installations of its software, version 20.1.7 and earlier. SysAid has released a patch for the vulnerability and is urging customers to update their software immediately.

How the Clop Ransomware Gang is Exploiting the Vulnerability

Microsoft said that attackers are exploiting the SysAid vulnerability to issue commands via the SysAid software to deliver a malware loader for the Gracewire malware. This is typically followed by human-operated activity, including lateral movement, data theft, and ransomware deployment.

What SysAid Customers Can Do

SysAid is urging customers to update their software to the latest version as soon as possible. Customers can download the latest patch from the SysAid website.

In addition to patching the vulnerability, SysAid customers should also implement other security measures, such as:

  • Enabling multi-factor authentication for all users
  • Implementing strong password policies
  • Keeping their software up to date
  • Monitoring their networks for suspicious activity

The exploitation of the SysAid zero-day vulnerability by the Clop ransomware gang is a reminder of the importance of cybersecurity. Organizations should take steps to patch all known vulnerabilities and implement other security measures to protect their systems from attack.

About the author

Jamie Davidson

Jamie Davidson is the Marketing Communications Manager for Vast Conference, a meeting solution providing HD-audio, video conferencing with screen sharing, and a mobile app to easily and reliably get work done.