ConnectWise has announced the rotation of digital code signing certificates for its products such as ScreenConnect and ConnectWise Automate due to security vulnerabilities identified by a third-party researcher. The issues relate to the storage of configuration data in an unsigned area of the installer, which could present security risks in remote control scenarios. New certificates will be issued by June 13, while customers using on-premise versions must update their systems to avoid service disruptions.
The revocation of digital certificates is expected to take place by June 13 at 8 p.m. ET, and does not involve a compromise of our systems.
Concerns arose regarding how ScreenConnect handled certain configuration data in earlier versions, leading to the decision to enhance security measures and rotate certificates.
Collection
[
|
...
]