IT administrators are urged to immediately patch on-premises ScreenConnect servers due to active exploitation of a critical vulnerability, CVE-2024-1709, with a maximum CVSS score of 10.0. This authentication bypass bug allows for arbitrary code execution and sensitive data access without user interaction. ConnectWise, the software’s developer, also disclosed a path traversal vulnerability, CVE-2024-1708, with a CVSS score of 8.4. While cloud instances have been updated, on-premises installations require manual patching. The vulnerabilities pose significant risks, with potential for ransomware attacks, especially given the software’s widespread use and the trust placed in remote access tools.