CyberSecurity news
FlagThis
info@thehackernews.com (The@The Hacker News
//
ConnectWise is initiating a rotation of its ScreenConnect code signing certificates following security concerns identified by a third-party researcher. The issue revolves around how ScreenConnect handled specific configuration data in earlier versions, where configuration data was stored in an unsigned area of the installer. While this area is intended for customization, its coupling with remote control capabilities created a potentially insecure design pattern according to current security standards. The company emphasizes that this action is unrelated to the recent nation-state attacks affecting some of its customers.
ConnectWise is implementing an update to enhance the management of configuration data within ScreenConnect. The company said it's doing so "due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions." The rotation of digital certificates is set to take place by June 13 at 8 p.m. ET. ConnectWise is already updating certificates and agents across its cloud instances of Automate and RMM.
Users of on-premise versions of ScreenConnect or Automate are required to update to the latest build and validate all agents before the June 13th deadline to avoid potential service disruptions. ConnectWise acknowledges the challenges this may pose and has committed to supporting users through the transition. Connectwise customers who use the company’s ScreenConnect, Automate, and ConnectWise RMM solutions are urged to update all agents and/or validate that the update has been deployed by Friday, June 13 at 8:00 p.m. ET, or risk disruptions.
ImgSrc: blogger.googleu
References :
ConnectWise is implementing an update to enhance the management of configuration data within ScreenConnect. The company said it's doing so "due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions." The rotation of digital certificates is set to take place by June 13 at 8 p.m. ET. ConnectWise is already updating certificates and agents across its cloud instances of Automate and RMM.
Users of on-premise versions of ScreenConnect or Automate are required to update to the latest build and validate all agents before the June 13th deadline to avoid potential service disruptions. ConnectWise acknowledges the challenges this may pose and has committed to supporting users through the transition. Connectwise customers who use the company’s ScreenConnect, Automate, and ConnectWise RMM solutions are urged to update all agents and/or validate that the update has been deployed by Friday, June 13 at 8:00 p.m. ET, or risk disruptions.
ImgSrc: blogger.googleu
Share:
References :
- The Hacker News: ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
- Help Net Security: Connectwise is rotating code signing certificates. What happened?
- ciso2ciso.com: ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks – Source:thehackernews.com
- www.helpnetsecurity.com: Connectwise is rotating code signing certificates. What happened?
- www.scworld.com: Security
Classification:
- HashTags: #Cybersecurity #CodeSigning #SecurityUpdate
- Company: ConnectWise
- Target: ConnectWise Users
- Product: ScreenConnect
- Feature: code signing certificates
- Type: ProductUpdate
- Severity: Medium