ConnectWise has announced a major security step as it is going to rotate the code-signing certificates used in several of its software products, including ScreenConnect, Automate, and RMM agents. This move comes after a third-party security researcher flagged a possible security concern that could be exploited by attackers.
The issue isn’t about any kind of breach or hack of ConnectWise’s systems. Instead, it’s a precautionary action. In older versions of ScreenConnect, a part of the installer contained configuration data that wasn’t signed or protected. This means someone could technically modify this section without breaking the digital signature, and that’s a security risk.
Even though the application itself was signed and looked legitimate, attackers could use this loophole to insert malicious instructions and trick the system into trusting the modified installer. While this was not exploited publicly, the potential was serious enough for ConnectWise to act fast.
When software is signed with a certificate, it tells users and security software that it’s authentic and hasn’t been changed. But in this case, attackers could have edited the installer’s config data without affecting the certificate’s validity. That makes it harder for antivirus tools or IT teams to catch something fishy.To avoid any misuse of their name and software, ConnectWise decided to replace the certificates used to sign its applications. This will help prevent the distribution of tampered files that still appear valid.
ConnectWise plans to revoke the current code-signing certificates on June 13, 2025, at 8 PM ET (12 AM UTC). After this, any software signed with the old certificates may no longer be trusted by Windows or endpoint security tools.If you’re a cloud-hosted ConnectWise customer, you don’t need to do much. ConnectWise will handle updates automatically, but you still need to make sure that your agents are updated before the revocation deadline.
However, on-premises users need to act quickly. You’ll have to manually download and install the latest versions of ScreenConnect, Automate, and other affected tools. ConnectWise has already released updated builds, and they’re available on the ConnectWise University portal.
If you don’t update your software in time, you may face problems, your systems might flag or block the older signed tools, which could interrupt daily operations or remote access.
The company is not only replacing certificates but also making technical changes to the installer. Going forward, the installer will store all configuration data in a secure, signed section, making this type of tampering impossible.
This change is happening quickly because of both the security concern and increased pressure from ConnectWise’s partners and security community. While it’s not tied to any recent breach, this move follows a separate incident involving nation-state attackers, which heightened awareness across the industry.
This situation is a great reminder that even small configuration issues can lead to big security gaps if left unchecked. ConnectWise is handling it in a responsible and transparent way by rotating certificates and improving its installer security.
If you’re using any of their tools, it’s important to follow their instructions and update your systems before June 13. Doing this will keep your operations smooth and your security intact.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
