Vulnerabilities Found in Classroom Management Software

Although many students are returning to in-class learning, many others are still in a hybrid situation or fully remote at their own request. The rapid transition from in-school to the at-home learning setting has necessitated the use of classroom management software to manage online learning programs. The software of one of those companies, Netop Vision Pro, is used by teachers to push content to students, and allows them to share their screen with students. It is used by more than 9,000 school systems and three million teachers and students around the world.

Global security computer software company McAfee has reported that its researchers found four critical vulnerabilities in Netop Vision Pro software, including the ability of threat actors to plant malware and spy on users. The findings showed that network traffic between the teacher and the student was unencrypted and with no ability to activate encryption. According to McAfee, the vulnerabilities “allow for elevation of privileges and ultimately remote code execution, which could be used by a malicious attacker, within the same network, to gain full control over students’ computers.”

McAfee reported its research to Netop in December 2020, and in February 2021 Netop was able to deliver an updated version of the software, which patched many of the critical vulnerabilities except for encryption of network traffic. McAfee commended Netop on its “outstanding response and rapid development” of the patch in responding to the work of the researchers. If your school system is using Netop Vision Pro, it is important to check whether it has applied the updated version and followed Netop’s instructions.