ConnectWise is updating how it signs and configures tools like ScreenConnect and Automate, following recent concerns over how older versions handled setup data.
A researcher pointed out that some installation files included key settings, like callback URLs, in areas that weren’t protected by a digital signature. While that setup was originally meant to make customization easier, it now poses risks, especially for remote support software.
To reduce exposure, the company is changing how settings are stored and is swapping out the certificates used to verify the tools. These changes kick in around June 13, and anyone running on-premises versions of ScreenConnect or Automate is being urged to update their software and agents before the deadline to prevent disruptions. Cloud users won’t need to take action.
Although no breach has hit ConnectWise directly, there’s extra caution in the air. A recent attack used a zero-day vulnerability (CVE-2025-3935) to go after a small number of targets. It’s a reminder that hackers often rely on trusted tools to slip under the radar, a technique known as “living off the land” (LotL).
As a response, more remote access and admin tools are built and used, hoping to cut down on those risks before they turn into major problems.
