University at Buffalo - The State University of New York
Skip to Content

Security Risk: Update AnyConnect for Windows

Published June 29, 2017

by Benjamin Blanchet

In June 2017, Cisco alerted customers of a vulnerability in their AnyConnect Secure Mobility Client VPN software for Windows, which could result in local cyberattacks. Download and install the latest version from the UBIT website to stay safe.

Staying Updated Across Devices

Photo

Benjamin Blanchet (UB student, Class of 2018) is an English major with an interest in journalism. After graduating from UB, he hopes to attend grad school and pursue a career writing about music and the arts. An Albany, NY native, Benjamin enjoys biking and reading in his spare time.

According to Cisco, this vulnerability only affects Windows machines. However, updates have been released across platforms, including Mac OS, Linux, iOS and Android.

You should know that the iOS app for iPhone and iPad is a completely new app, and not an update to the previous app (which is now called “Cisco Legacy AnyConnect”). That means you’ll need to install the new app from the Apple App Store, instead of updating the existing app, to benefit from the most secure version.

We Can Help

For help updating Cisco AnyConnect, or downloading and installing any free software from the UBIT website, contact the UBIT Help Center. Just visit www.buffalo.edu/ubit/help (where you can book an appointment with the Tech Squad), call 716-645-3542, or visit our Lockwood Cybrary or Abbott Hall locations.

What's The Risk?

The vulnerability comes from a defect in the way DLL files load onto AnyConnect. Faulty DLL files can then be created by attackers and installed in your computer’s system directories.

If an attack is properly executed, an attacker can access your Windows SYSTEM account, provided they also have access to your credentials.