In a proactive move to bolster security, a leading provider of software for IT professionals has undertaken the significant step of rotating its code signing certificates. This action comes in response to heightened security concerns following a recent incident where older certificates associated with one of their products, specifically related to remote support, were potentially compromised.
Code signing certificates are a critical security measure, acting as a digital signature that verifies the authenticity and integrity of software files. By rotating these certificates, the company aims to ensure that all subsequent software updates and installations are definitively validated, preventing malicious actors from signing harmful software with seemingly legitimate credentials.
This rotation impacts several key products within their suite, including solutions for remote monitoring and management, professional services automation, and remote support software. For continued seamless operation and to accept updates signed with the new certificates, partners and clients must ensure they are running the latest versions of the affected applications. Older versions might encounter errors or fail to recognize updates signed with the new, secure certificates.
The company is urging users to apply necessary updates promptly. Implementing these updates is crucial not just for functionality but primarily to maintain a strong security posture and protect against potential threats leveraging compromised older certificates. This measure is a vital step in reinforcing trust in their software delivery process and safeguarding the security of their ecosystem. It underscores the company’s commitment to addressing vulnerability risks and protecting its extensive user base.
Source: https://www.bleepingcomputer.com/news/security/connectwise-rotating-code-signing-certificates-over-security-concerns/
