Privileged Remote Access 24.3.2 release notes
about 1 month ago by Jenny
February 4, 2025
Requirements
- Requires Base 7.3.0.
- Requires ECM 1.6.2.
- Requires Integration Client 1.7.5.
- Supports upgrades from PRA 23.3.4+.
- Before upgrading, ensure any SSL certificates used are either from a trusted Certificate Authority, or, for self-signed certificates, the certificate is either trusted on all endpoints or explicitly included in their installation.
Issues resolved
Important
This release includes important security fixes.
- Resolved issues from security advisory BT24-10 , CVE-2024-12356
- Resolved issues from security advisory BT24-11 , CVE-2024-12686
For more information, see BeyondTrust Remote Support SaaS Service Security Investigation.
| Product Area | Description | Resolution |
|---|---|---|
| Jump Zone Proxy | Jump Zone Proxy information was not correctly propagated when deploying a new Jump Client configured for a Jump Zone Proxy. After an upgrade, all Jump Clients connecting through a Jump Zone Proxy remained offline and stuck in a pending upgrade state. | The underlying issue was addressed, and the proxy configuration migration from NSIS to MSI now correctly writes to the expected section in the proxy.ini file. |
| Jump Clients | The migration algorithm that consolidates multiple installations on a machine into copies of a single installed Jump Client was overly aggressive, incorrectly merging machines. | The algorithm now considers both the hardware ID and software ID, along with the system’s reported MAC addresses, to determine which Jump Clients belong to the same machine. Additionally, Jump Clients that have been offline significantly longer than their potential merge counterpart will no longer be consolidated, preventing the unintended resurrection of inactive Jump Client entries. |
| Protocol Tunnel Jump | When using the BeyondTrust SRA Terraform Provider to modify a Protocol Tunnel Jump, an error stating "this field may not be updated" would occur because the tunnel_type variable was always sent. The same error occurred when modifying a Protocol Tunnel Jump via API outside of Terraform if tunnel_type was included in the request, even if its value remained unchanged. | Protocol Tunnel Jump items can now be edited with or without tunnel_type in the request body. |
| Jump Clients | The Jump Client service intermittently stopped when a laptop went to sleep, hibernated, or switched between wired and Wi-Fi connections. When this occurred, the service error, "The drive cannot find the sector requested" appeared in the event log, and the Jump Client showed as offline in the access console. | The Jump Client now remains online as expected. |
| Jump Clients | Upgrading to 24.3 could leave the database in a state that caused high CPU usage, slowing site performance while remaining functional. If a customer had an "Uninstalled" Windows Jump Client and later installed a new Jump Client, the upgrade incorrectly grouped them as copies. This unusual database state led to repeatedly syncing the Jump Clients in an endless loop. | A fix was implemented to update the restore-script SQL, ensuring uninstalled Jump Clients are ignored when grouping multiple installations. Additionally, logic was added to ungroup uninstalled clients from installed ones during startup. |
| RDP | The Bring Your Own Tool (BYOT) RDP screen recording allocated and freed a large buffer on every screen update, resulting in inefficient memory management. | A new reference is allocated, and the incoming buffer is assigned without additional allocation or deallocation, unless conditions like screen size or quality changes require a new buffer. |
| RDP | RDP authentication would fail when network level authentication (NLA) was turned off and the SecurityLayer registry key was set to 0. The customer would receive the error "RDP authentication failed" when attempting to connect. | RDP authentication now works as expected. |
| Web Jump | The HTTP login pop-up was not appearing during a Web Jump. | The HTTP login pop-up now appears as expected during Web Jumps. |