Security Update for Remote Support and Privileged Remote Access versions 23.2.1, 23.2.2

BeyondTrust takes the security of our products and our customers very seriously. That's why one of the many things we do on a continuous basis is partner with trusted third-party penetration testing organizations to ensure the strength of our software.

During a recent test, we discovered a critical security vulnerability (since published as CVE-2023-4310) that required immediate attention from our customers running Remote Support versions 23.2.1 and 23.2.2, as well as Privileged Remote Access Versions 23.2.1 and 23.2.2, which were launched within the last three months. Only customers running these versions were impacted.

The vulnerability was remediated immediately upon internal discovery. Starting on Friday, July 28, 2023, we:

• Issued a patch that was automatically deployed to all cloud customers, plus all on-premises customers who participate in our automatic critical update process.
• Emailed all impacted on-premises customers instructing them to install the available patch immediately.
• Posted a notification to the BeyondTrust customer support portal for all BeyondTrust customers to read.
• Contacted by phone every customer we could not confirm had been upgraded.

As of Thursday, August 3, we confirmed that 95% of affected customers have the patch installed. Our teams will continue to proactively email and call the small number of remaining customers to confirm that they have remediated the issue.

As always, BeyondTrust is committed to proactively addressing and rapidly communicating with customers regarding any issues with their products and services. Customers can visit the BeyondTrust customer support portal or contact our Support team with any questions or concerns. For any external party looking to report a bug or vulnerability, please visit our disclosure page.