Newly discovered bug in Automate, the tool formerly known as LabTech, will take down key components of the platform next month if not fixed
ConnectWise is urging users of its Automate remote monitoring and management (RMM) platform to apply a critical update to avoid a March 9 shutdown of the tool’s server, agents, and control center. The hot fix marks the second time in a week that ConnectWise has issued an unscheduled patch to address problems with its MSP-focused offerings.
The Lowdown: The critical Automate fix comes in response to an issue first raised last week by admins on the MSP Geek community forum. The problem lies in an encryption-related DLL in Automate that will stop working On March 9. A fix requires an update or patch of Automate Server, as well an update of all agents in the environment, the admins wrote.
The Details: In a Friday post on the company’s Critical Updates Web page, ConnectWise officials acknowledged the bug in the handling of “the transition to our new code signing certificate” and its potential to cause system failure. The vendor said it was continuing work to build and test solutions for all impacted versions of its RMM software.
The Impact: The bug affects the cloud version of Automate 2019.1 (19.0.1), as well as locally installed Automate version 12 patch 12 (12.0.12) and Automate version 12 patch 11 (12.0.11). Automate cloud users will be upgraded to 2019.2 next week to resolve the issue. Users of the on-premises version of Automate will receive e-mails explaining options for addressing the glitch, ConnectWise officials said.
Background: Automate’s problems weren’t the only things vexing ConnectWise last week. The company also had to push out an emergency update to address a two-year-old security vulnerability in its Manage PSA integration with Kaseya VSA RMM, something most MSPs thought had been solved long ago.
Security researcher Chris Bisnett at Huntress Labs posted Friday that the poorly implemented integration that allows ConnectWise PSA to handle Kaseya-generated support tickets, was likely responsible for a new series of attacks on MSPs and their end-user customers. At least one of those incidents reportedly resulted in the infection of some 2,000 managed endpoints with the infamous GandCrab ramsomware variant, as well as an MSP facing a multimillion-dollar ransom demand.
ConnectWise officials on their Critical Updates page last week blamed the lingering integration hole on partners that “may have installed the [original] update incorrectly.” The company said it was pushing out a new update to ensure the integration plugin is configured correctly.
The Buzz: “We take this issue seriously and have been working to build and test solutions for all impacted versions,” ConnectWise officials wrote of the Automate hot fix. “Failing to address this issue this month will result in the failure of agent and control center communication.”
With regard to the latest ConnectWise-Kaseya integration incidents, Huntress Labs’ Bisnett noted , “this type of attack is particularly devastating because the Kaseya RMM tool has remote administrative (SYSTEM) access to all managed endpoints leading to a quick and complete compromise of all customer assets.”
Channelnomics Point of View: Security has been top-of-mind among MSPs of late with regular reminders that third-party IT service providers are increasingly being targeted by hackers looking to compromise remote management platforms to gain access to systems and data of end-user organizations.