ConnectWise to Update Code Signing Certificates for ScreenConnect, Automate, and RMM

ConnectWise, a leading provider of remote management and cyber protection tools for managed service providers (MSPs), is set to implement a significant security update affecting ScreenConnect, ConnectWise Automate, and ConnectWise RMM.

The action, scheduled for June 13, 2025, at 8:00 p.m. ET, follows concerns raised by third-party security researchers regarding how earlier versions of ScreenConnect handled certain configuration data without any compromise detected in ConnectWise’s systems or digital certificates.

This move is part of ConnectWise’s robust response to evolving security standards and the proactive hardening of its products. Certificate rotation, a standard but critical security practice, helps minimize the risk of digital certificate misuse if a private key were ever exposed.

The certificates in question are used to digitally sign code and updates, ensuring that only legitimate, verified software is installed and updated on customer endpoints and servers.

Technical Analysis: What’s Changing and How it Works

Certificate Rotation and Product Updates

All affected ConnectWise products will receive new code signing certificates. This process involves:

• Replacement of Old Certificates: ConnectWise is generating and deploying new code signing certificates to its infrastructure.
• Software Updates: Both on-premises and cloud-hosted solutions will require action:
  • On-Premises Customers: Users must update to the latest build before June 13, 2025. For Automate, updates are available now. ScreenConnect updates are in progress and will be distributed shortly.
  • Cloud Customers: ConnectWise is handling updates automatically for Automate and RMM cloud instances. ScreenConnect cloud instances will receive updates as soon as builds are finalized and certified.

Code Signing and Verification

Code signing certificates are a core security control, binding the identity of the software distributor to the code. In practice, this means that, for example, ScreenConnect and Automate agents will no longer trust code signed with the old certificate. Here’s a simplified example of how such verification might look in code (using pseudocode for illustration):

python# Sample pseudocode for certificate verification in agent code
if verify_code_signature(module, current_cert):
    allow_execution(module)
else:
    log_alert("Invalid signature detected!")
    block_execution()

Configuration Data Management Improvements

ConnectWise is also updating how configuration data is managed within ScreenConnect. Previously, certain configuration data could be manipulated if not handled securely. The new updates introduce additional validation and integrity checks, ensuring that only valid configurations can be stored and loaded. For example:

text# Example of improved configuration data storage (conceptual)
{
    "config_key": "value",
    "signature": "<secure_signature_of_config_key_and_value>"
}

This ensures that even if configuration data is stored or transmitted, it cannot be tampered with without detection.

Preparing for the Update: Quick Start Guide for Admins

ConnectWise has made detailed instructions available through its University portal, including:

• Download links for latest builds
• Version compatibility matrices
• Step-by-step update instructions for on-premises customers
• Agent update verification for cloud customers

For on-premises environments, the update process is simple:

1. Download the latest build from ConnectWise University.
2. Install the update on management servers.
3. Ensure all agents are updated before June 13, 2025.

For cloud environments:

1. ConnectWise will automatically update certificates and agents.
2. Admin verification is recommended to confirm agents have received updates prior to the deadline.

Resources and Support

ConnectWise is committed to minimizing disruption and providing support throughout the transition:

• Updated FAQ and resources on the ConnectWise University page
• Live support chat for urgent issues
• Regular updates as the rollout progresses

ConnectWise’s decision to rotate code signing certificates and enhance configuration data management is a clear example of proactive security governance.

By requiring updates before June 13, 2025, ConnectWise is ensuring that its partners and customers continue to benefit from robust, secure remote management tools.

Both on-premises and cloud customers must act to ensure compliance and maintain uninterrupted service. For detailed instructions and support, visit the ConnectWise University portal.