University at Buffalo (UB)
Security risk: update AnyConnect for Windows
Published June 29, 2017 This content is archived.
by Benjamin Blanchet
In June 2017, Cisco alerted customers of a vulnerability in their AnyConnect Secure Mobility Client VPN software for Windows, which could result in local cyberattacks. Download and install the latest version from the UBIT website to stay safe.
Staying updated across devices
According to Cisco, this vulnerability only affects Windows machines. However, updates have been released across platforms, including Mac OS, Linux, iOS and Android.
You should know that the iOS app for iPhone and iPad is a completely new app, and not an update to the previous app (which is now called “Cisco Legacy AnyConnect”). That means you’ll need to install the new app from the Apple App Store, instead of updating the existing app, to benefit from the most secure version.
We can help
For help updating Cisco AnyConnect, or downloading and installing any free software from the UBIT website, contact the UBIT Help Center. Just visit www.buffalo.edu/ubit/help (where you can book an appointment with the Tech Squad), call 716-645-3542, or visit our Lockwood Cybrary or Abbott Hall locations.
What's the risk?
The vulnerability comes from a defect in the way DLL files load onto AnyConnect. Faulty DLL files can then be created by attackers and installed in your computer’s system directories.
If an attack is properly executed, an attacker can access your Windows SYSTEM account, provided they also have access to your credentials.