On-Premise Software
Security Vulnerability Notification
Updated:
The issue and
our response
Our customers’ security is our top priority, and we are committed to communicating actively and openly with customers to ensure they have the information they need to mitigate risks and continually strengthen their systems. This post outlines a vulnerability in our on-premise software, and the steps we took to address the situation.
After being alerted to a security vulnerability affecting our on-premise software, which was being actively exploited, we initiated our incident response protocol and appointed leading cyber security experts to support our response. We worked around the clock to address the situation as quickly as possible, identifying an interim workaround to mitigate the risk and proactively communicating with our on-premise customers to ensure they could implement the recommended steps.
A product upgrade was then developed and rolled out which included security enhancements to address the vulnerability.
We are grateful for collaboration from Microsoft’s Defender team throughout our response to this issue. We take cyber security seriously and our customer’s security is our top priority.
For further technical information, please see our technical blog here.
As always, our Customer Care team is available in real time to assist clients with any questions. Please do not hesitate to contact us via the portal.
Timeline
Security Risk Description – Our security team has detected a vulnerability in our on-premises software. At this time, we have no evidence to suggest that any customer data has been compromised. However, we believe in complete transparency and are committed to keeping you informed throughout this process.
Notification – We sent an email #1 to all on-premises customers explaining the potential security risk, and provided a detailed workaround for them to implement on their end to protect their data and accounts. We reiterated our customer care portal as the go-to for any assistance required.
Recommended Workaround – To mitigate this security risk, we recommend implementing the attached workaround without delay.
Next steps – Our development team is actively working on a security patch to address this vulnerability. We will notify you as soon as the patch is available and guide you through the process of applying it to your on-premises software.
Notification – We sent an additional email #2 to all on-premises customers requesting active confirmation that they implemented the workaround provided, as well as recommending that they proactively block specific IPs where previous malicious activities had been recorded by our security partners.
Required Workaround – To mitigate this security risk, you are asked to implement the attached workaround without delay. If you’ve already completed this step, please continue reading.
Next steps – Please contact us to confirm you‘ve completed these steps.
ACTIONS TO TAKE:
Remediation:
1- Implement the workaround.
To mitigate this security risk, you must implement the attached workaround without delay.
2- Confirm that you have implemented the workaround.
Please contact us to confirm you‘ve completed these steps via the Customer Care portal.
Investigate:
1- Organizations with publicly facing On-Premise SysAid Servers should immediately block and investigate the indicators of compromise (IOCs).
Please immediately investigate the IOCs to determine if they are present in your environment. A list of known IOCs revealed during the investigation can be found here and IPs to be blocked.
