ConnectWise is warning prospects that it’s rotating the digital code signing certificates used to signal ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over safety considerations.
Digital certificates are used to signal executables so these downloading the recordsdata know they arrive from a trusted supply. This ensures that code has not been tampered with earlier than it reaches the tip person.
In line with ConnectWise, the choice was taken after a third-party safety researcher raised considerations about how sure configuration knowledge may be abused by menace actors.
“We’re updating the digital signing certificates utilized in ConnectWise ScreenConnect, Automate, and RMM because of considerations raised by a third-party researcher about how ScreenConnect may doubtlessly be misused by a foul actor,” reads an e-mail seen by BleepingComputer.
“This potential misuse pertains to a configuration dealing with situation with the ScreenConnect installer which might require system-level entry.”
ConnectWise underlines that the motion is unrelated to any safety incidents, particularly not the nation-state cyberattack it suffered final month.
“Along with issuing new certificates, we’re releasing an replace to enhance how this configuration knowledge is managed in ScreenConnect,” additional explains an advisory on its web site.
The certificates in query are issued by DigiCert, who initially have been going to revoke ConnectWise’s certificates on Tuesday, June 10 at 10:00 PM ET. Nonetheless, ConnectWise was in a position to get an extension to Friday, June 13, 2025, at 8:00 PM ET, seemingly as a result of the brand new ScreenConnect model 25.4 construct that makes use of the brand new certificates was not obtainable.
The motion will have an effect on each on-premises and cloud customers, who should meet the deadline to keep away from operational disruptions.
ConnectWise says the Automate construct is already out, whereas the ScreenConnect construct must be prepared quickly.
Customers are really helpful to go to the seller’s ‘College web page’ to obtain the up to date builds and discover directions and FAQs.
These utilizing cloud-hosted variations of Automate, ScreenConnect, or RMM, ConnectWise will routinely obtain updates to certificates and brokers, however the roll-out is going down progressively.
These customers ought to nonetheless examine that their brokers are updated earlier than June 13 to make sure uninterrupted service.
Whereas ConnectWise didn’t share particulars on why the certificates have been being rotated, Sophos researcher Andrew Brandt warned in April that menace actors have been utilizing phishing websites to push pre-configured ConnectWise purchasers disguised as Social Safety statements [VirusTotal].
“A spammer has been delivering a ConnectWise business distant entry shopper utility as a payload in a rip-off that makes use of the purported arrival of a US Social Safety assertion as its hook,” defined Brandt on Mastodon.
Though these installers have been pre-configured with the attackers’s server, they nonetheless confirmed as digitally signed, including further belief to the executable.
It’s unclear if assaults like this led to the rotation of the code signing certificates.
BleepingComputer contacted ConnectWise to ask if it was associated and to study extra about why the certificates have been being rotated, however we have been simply referred again to the advisory.
Patching used to imply complicated scripts, lengthy hours, and infinite fireplace drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch sooner, cut back overhead, and deal with strategic work — no complicated scripts required.
