好的,我现在需要帮用户总结这篇文章的内容,控制在100字以内,而且不需要用“文章内容总结”之类的开头。首先,我得仔细阅读文章,抓住主要信息。 文章讲的是ScreenConnect软件的一个安全漏洞,编号CVE-2026-3564,影响了26.1之前的版本。这个漏洞可能导致未经授权的访问和权限提升。ScreenConnect是一个远程访问平台,常用于MSP、IT部门和支持团队。 攻击者可以利用这个漏洞提取ASP.NET机器密钥,进而进行非法会话认证。ConnectWise已经修复了这个问题,在26.1版本中加强了密钥保护。云用户已经自动升级,但本地部署的用户需要手动更新。 此外,有报告称中国黑客可能一直在利用这个漏洞,但ConnectWise目前没有证据表明该漏洞被积极利用。建议用户升级软件,并采取其他安全措施。 现在我需要把这些信息浓缩到100字以内。要包括漏洞名称、影响版本、可能的风险、修复措施以及建议行动。同时要保持语句简洁明了。 可能会这样组织:ScreenConnect存在安全漏洞(CVE-2026-3564),影响旧版本,可能导致未授权访问和权限提升。攻击者可提取密钥进行非法认证。修复版本为26.1,云用户已自动更新,本地需手动升级。建议加强配置文件访问控制、检查日志等。 </think> ScreenConnect存在安全漏洞(CVE-2026-3564),影响旧版本(<26.1),可能导致未经授权的访问和权限提升。攻击者可提取ASP.NET机器密钥进行非法会话认证。修复已在26.1版本中完成,云用户已自动更新,本地部署需手动升级。建议加强配置文件访问控制、检查日志异常活动等以降低风险。 2026-3-18 18:15:17 Author: www.bleepingcomputer.com(查看原文) 阅读量:7 收藏
ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation.
The flaw affects ScreenConnect versions before 26.1. It is tracked as CVE-2026-3564 and received a critical severity score.
ScreenConnect is a remote access platform typically used by managed service providers (MSPs), IT departments, and support teams. It can be either cloud-hosted by ConnectWise or on-premise on the customer's server.
An attacker could exploit the security issue to extract and use the ASP.NET machine keys for unauthorized session authentication.
“If the machine key material for a ScreenConnect instance is disclosed, a threat actor may be able to generate or modify protected values in ways that may be accepted by the instance as valid,” reads the vendor’s advisory.
“This can result in unauthorized access and unauthorized actions within ScreenConnect.”
The vendor addressed this by adding stronger protection for machine keys, including encrypted storage and improved handling starting ScreenConnect version 26.1.
Cloud users have been automatically moved to the safe version, but system administrators managing on-premises deployments must upgrade to version 26.1 as soon as possible.
ConnectWise also stated that researchers observed attempts to abuse disclosed ASP.NET machine key material in the wild, so the risk from CVE-2026-3564 is tangible right now.
However, the vendor told BleepingComputer that it has no evidence of active exploitation in the wild as of writing, and therefore has no indicators of compromise (IoCs) to share with defenders.
“We do not have evidence that this specific vulnerability (CVE-2026-3564) was exploited in ConnectWise-hosted ScreenConnect, so we do not have any confirmed IOCs to share,” stated ConnectWise to BleepingComputer.
“We encourage any researchers who believe they have identified active exploitation to engage in responsible disclosure so findings can be validated and addressed appropriately.”
However, there are claims that the issue has been actively exploited by Chinese hackers for years, but it is unclear if the same security flaw was leveraged.
There have been in the past attacks from nation-state hackers that exploited CVE-2025-3935 to steal the secret machine keys used by a ScreenConnect server.
Apart from upgrading to ScreenConnect version 26.1, the software vendor also recommends tightening access to configuration files and secrets, checking logs for unusual authentication activity, protecting backups and old data snapshots, and keeping extensions up to date.
Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
如有侵权请联系:admin#unsafe.sh