Servcomm Service Status
Update - 3CX DesktopApp Security Alert - Mandiant Appointed to Investigate

https://www.3cx.com/blog/news/desktopapp-security-alert-updates/


Posted on March 30th, 2023 by Nick Galea, CEO, CTO & Founder, 3CX

Early this morning we informed our partners and customers that our Electron Windows App shipped in Update 7, version numbers 18.12.407 & 18.12.416, included a severe security issue. We have since learned that Electron Mac App version numbers 18.11.1213, 18.12.402, 18.12.407 & 18.12.416 have also been affected. Fortunately, anti-virus vendors flagged the executable 3CXDesktopApp.exe and blocked it.

3CX Appoints Leading Incident & Forensics Company Mandiant
In response to this, 3CX has appointed Mandiant, a renowned American cybersecurity firm and subsidiary of Google, and the market leader in threat intelligence. With their help we will be able to review this incident in full. Whilst their investigation is underway, we ask you to follow the instructions below immediately.

Ensure Your Server Has the Latest Update Installed
Customers on 3CX Hosted / StartUP - No action needed
3CX Hosted and StartUP users do not need to update their servers as we will be updating them over the night automatically. Servers will be restarted and the new Electron App MSI/DMG will be installed on the server. We recommend that you DO NOT install or deploy the Electron App. This update is only to ensure that the trojan has been removed from the 3CX Server where Desktop Apps are stored and in case any users decide to deploy the app anyway. During the restart there might be disruption for a few minutes while we restart your server.

Self-Hosted and On-Premise - Install update
For Self-Hosted and On-Premise follow these steps:

1. Launch Management Console
2. Go to Updates
3. Download Mac Desktop App - 18.12.422
4. Download Windows Desktop App - 18.12.422

On the Clients / Desktops
Uninstall the Electron App
Follow these steps to uninstall the Electron App for Mac or Windows

For Windows:

1. Start
2. Type “Control Panel”, Enter
3. Select “Programs and Features”
4. Find 3CX Desktop App, select and press “Uninstall”.

On Mac:

1. Go to “Applications”
2. Tap on “3CX Desktop APP”
3. Right click then “Move to Bin”
4. Ensure that it isn’t also present on Desktop otherwise delete it from there as well.
5. Empty the Bin

Use PWA instead of the Electron APP - Here's how
Install the Web Client as an app (PWA)

1. Login to the Web Client
2. You have two options:
   - Click on the OS icon below the user avatar. A new dialog will open, select “Web App (PWA)” and then hit the “Install” button.
   - OR click on the “Install button” (A screen with an arrow) located in the address bar and confirm. See the icon circled red in the screenshot.
3. To set the app to auto start:
   - On Google Chrome: Open your Chrome browser and type ‘chrome://apps’ into the address bar. Right click on “3CX” and enable “Start app when you sign in”.
   - On Microsoft Edge: On Edge, select to Auto-start in the dialog that appears after installation.

PWA only works on Google Chrome and Microsoft Edge - not on Safari or Firefox

You can read more in the Web Client user manual.

Avoid Using the Electron App Unless Absolutely Essential
In a day or two from now, we will have another Electron App rebuilt from the ground up with a new signed certificate. This is expected to be completely secure. We strongly recommend that you avoid using the Electron App unless there is absolutely no alternative. The Electron App update that we are releasing today is considered to be secure but there is no guarantee given that we only had 24 hours to make the necessary adjustments.

More Information to Come - Transparency Assured
We are still working to decipher the full extent of the attack and we promise full transparency as soon as we are clear on everything. We don’t want to jump the gun and make wrong assumptions. Please follow our forum and blog as well as our LinkedIn, Twitter, Facebook and Instagram pages as we’ll continue to update our customers and partners regularly.

Our Continued and Very Sincere Apologies
We continue to offer our very sincere apologies to all our partners and customers worldwide. The entire 3CX team continues to work around the clock.

Mar 30, 2023 - 10:41 PDT
Update - Update 30 March 2023 - 8:48 AM

3CX have released Desktop App version 18.12.422 to patch the security issue. Please update the desktop app to this version as soon as possible.

Mar 30, 2023 - 08:49 PDT
Monitoring - Dear Client,

3CX Security Notice - 30 March 2023

What is the issue, and what does it affect?

We regret to inform our customers that the 3CX Electron Windows App shipped in Update 7, with version numbers 18.12.407 & 18.12.416, includes a security issue. Anti Virus vendors have flagged the executable 3CXDesktopApp.exe and in many cases uninstalled it. Electron Mac App version numbers 18.11.1213, 18.12.402, 18.12.407 & 18.12.416 are also affected.

The issue appears to be one of the bundled libraries that were compiled into the Windows Electron App via GIT.
3CX are still researching the matter to be able to provide a more in depth response later today.

Here’s some information on what has been done so far.

What has been done to mitigate the impact by 3CX?

Domains Have Been Taken Down

The domains contacted by this compromised library have already been reported, with the majority taken down overnight. A GitHub repository which listed them has also been shut down, effectively rendering it harmless.

It is worth mentioning that this appears to have been a targeted attack from an Advanced Persistent Threat, perhaps even state sponsored, that ran a complex supply chain attack and picked who would be downloading the next stages of their malware. The vast majority of systems, although they had the files dormant, were in fact never infected.

New Windows App in Progress

Currently, 3CX are working on a new Windows App that does not have the issue. They have also decided to issue a new certificate for this app. This will delay things by at least 24 hours so please bear with them whilst this happens.

What can you do until the new desktop App is ready for release?

Use the PWA App Instead!

We strongly suggest that you use the 3CX PWA app instead. The PWA app is completely web based and does 95% of what the Electron app does. The advantage is that it does not require any installation or updating and Chrome web security is applied automatically.

The reason 3CX has two apps is that when the 3CX Electron App was released, the PWA technology was not available yet. Now it's mature and working really well. More information on how to install it here. One deficiency at this time is the lack of the BLF (Busy Lamp Field) Option in the PWA dial pad.


The full 3CX security notice is available here - https://www.3cx.com/blog/news/desktopapp-security-alert/



Regards

Servcomm Support

Mar 30, 2023 - 07:30 PDT
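
The affected and patched version numbers given in the notices above differ by platform, so a fleet check has to compare each install against the list for its own operating system. The following Python script is an added example, not code from 3CX or Servcomm; the inventory layout (host, platform, version), the hostnames and the status labels are assumptions made for illustration.

```python
import csv
import io

# Version lists copied from the 3CX notices on this page.
AFFECTED = {
    "windows": {"18.12.407", "18.12.416"},
    "mac": {"18.11.1213", "18.12.402", "18.12.407", "18.12.416"},
}
PATCHED = "18.12.422"

def normalize(version):
    """Trim whitespace, a leading 'v', and trailing '.0' build fields."""
    parts = version.strip().lstrip("vV").split(".")
    while len(parts) > 3 and parts[-1] == "0":
        parts.pop()
    return ".".join(parts)

def classify(platform, version):
    """Classify one install against the advisory's per-platform lists."""
    plat = platform.strip().lower()
    plat = {"macos": "mac", "darwin": "mac", "win": "windows"}.get(plat, plat)
    ver = normalize(version)
    if plat not in AFFECTED:
        return "unknown-platform"
    if ver in AFFECTED[plat]:
        return "affected"      # uninstall per the steps in the notice
    if ver == PATCHED:
        return "patched"       # the notice still recommends the PWA
    return "not-listed"        # not named in the notice for this platform

def triage(inventory_csv):
    """Return {status: [hostnames]} for rows of host,platform,version."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["platform"], row["version"])
        result.setdefault(status, []).append(row["host"])
    return result

# Constructed sample inventory (hostnames and rows are made up).
SAMPLE = """host,platform,version
ws-001,Windows,18.12.416
ws-002,windows,18.12.422
mac-001,macOS,18.11.1213
ws-003,Windows,18.11.1213
mac-002,Mac,v18.12.402.0
lin-001,Linux,18.12.416
"""

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

A "not-listed" result means only that the notices do not name that version for that platform, as with 18.11.1213, which is listed for Mac but not for Windows.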

About This Site

This page is dedicated to keeping you informed on status updates from Servcomm and our Supplier's services at a glance
