ConnectWise is warning prospects that it’s rotating the digital code signing certificates used to signal ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over safety considerations.
Digital certificates are used to signal executables so these downloading the information know they arrive from a trusted supply. This ensures that code has not been tampered with earlier than it reaches the top consumer.
In response to ConnectWise, the choice was taken after a third-party safety researcher raised considerations about how sure configuration knowledge could be abused by risk actors.
“We’re updating the digital signing certificates utilized in ConnectWise ScreenConnect, Automate, and RMM on account of considerations raised by a third-party researcher about how ScreenConnect might probably be misused by a foul actor,” reads an electronic mail seen by BleepingComputer.
“This potential misuse pertains to a configuration dealing with challenge with the ScreenConnect installer which might require system-level entry.”
ConnectWise underlines that the motion is unrelated to any safety incidents, particularly not the nation-state cyberattack it suffered final month.
“Along with issuing new certificates, we’re releasing an replace to enhance how this configuration knowledge is managed in ScreenConnect,” additional explains an advisory on its web site.
The certificates in query are issued by DigiCert, who initially had been going to revoke ConnectWise’s certificates on Tuesday, June 10 at 10:00 PM ET.  Nevertheless, ConnectWise was capable of get an extension to Friday, June 13, 2025, at 8:00 PM ET, possible as a result of the brand new ScreenConnect model 25.4 construct that makes use of the brand new certificates was not obtainable.
The motion will have an effect on each on-premises and cloud customers, who should meet the deadline to keep away from operational disruptions.
ConnectWise says the Automate construct is already out, whereas the ScreenConnect construct must be prepared quickly.
Customers are advisable to go to the seller’s ‘College web page’ to obtain the up to date builds and discover directions and FAQs.
These utilizing cloud-hosted variations of Automate, ScreenConnect, or RMM, ConnectWise will mechanically obtain updates to certificates and brokers, however the roll-out is going down progressively.
These customers ought to nonetheless examine that their brokers are updated earlier than June 13 to make sure uninterrupted service.
Whereas ConnectWise didn’t share particulars on why the certificates had been being rotated, Sophos researcher Andrew Brandt warned in April that risk actors had been utilizing phishing websites to push pre-configured ConnectWise shoppers disguised as Social Safety statements [VirusTotal].
“A spammer has been delivering a ConnectWise business distant entry consumer software as a payload in a rip-off that makes use of the purported arrival of a US Social Safety assertion as its hook,” defined Brandt on Mastodon.
Although these installers had been pre-configured with the attackers’s server, they nonetheless confirmed as digitally signed, including extra belief to the executable.
It’s unclear if assaults like this led to the rotation of the code signing certificates.
BleepingComputer contacted ConnectWise to ask if it was associated and to study extra about why the certificates had been being rotated, however we had been simply referred again to the advisory.
Patching used to imply advanced scripts, lengthy hours, and infinite hearth drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch sooner, cut back overhead, and give attention to strategic work — no advanced scripts required.
