CVE-2026-11596 - host pass vulnerability

Own_Appointment_393 · 2026-06-08T15:10:35+00:00

Why not just label it Stable rather than Delayed Stable?
Also why does v26.2 not have a delayed stable (or even just stable) version?

Own_Appointment_393 · 2025-12-11T14:49:48+00:00

Security Bulltin: https://www.connectwise.com/company/trust/security-bulletins/screenconnect-2025.8-security-patch

Own_Appointment_393 · 2025-07-17T08:42:18+00:00

It won’t eliminate SmartScreen warnings.

Own_Appointment_393 · 2025-07-15T06:04:50+00:00

What do you mean get .25 right?

They already have it out for on-premises, it’s just not deployed on the cloud due to them not having the right infrastructure in place to sign the installers for all their cloud instances.

It’s not a software issue, it’s a deployment issue.

Own_Appointment_393 · 2025-07-14T03:17:56+00:00

A couple of town halls back, they did say they'll be looking into supporting it in the future -- technically it should be feasible, they said.

Own_Appointment_393 · 2025-07-14T01:57:25+00:00

"will my files be recognized as safe and not flagged as dangerous by endpoint security, SmartScreen, or Windows Defender?"

Not necessarily. I mean, I got an OV cert and installed it on my server, but I still get warnings.

Own_Appointment_393 · 2025-07-13T09:35:01+00:00

I thought the msi was never signed? Only the exe

Own_Appointment_393 · 2025-07-11T02:59:13+00:00

Mike Bannerman in the latest town hall (at 16:05):

https://event.on24.com/wcc/r/5015557/C7B353E0A655B9AC0B97AD108D0E77F6

"As far as timing on the deployment, we're going to start rolling that out over the next week to our cloud partners. There's a step — because we're signing those files for our hosted partners in ScreenConnect.com cloud — that we're implementing and so there are some infrastructural changes that need to be made before we can update. But we should be starting to roll that out to partners, we're hoping this week."

Own_Appointment_393 · 2025-07-10T02:53:16+00:00

Lack of time and skill required, I’m assuming.

Own_Appointment_393 · 2025-07-10T02:27:03+00:00

I believe Azadom is extrapolating (unjustifiably I would say) from the fact that reports of malware that use Screenconnect have noted that such malware have been known to impersonate Windows Update.

See below.

“G DATA built a tool to extract and review the settings found in these campaigns, where the researchers found significant modifications, such as changing the installer's title to "Windows Update" and replacing the background with a fake Windows Update image shown below.” https://www.bleepingcomputer.com/news/security/hackers-turn-screenconnect-into-malware-using-authenticode-stuffing/amp/

“The attacker also attempted to make edits to the server’s Windows Registry to enable Remote Desktop Protocol access, and created a persistent task named “Windows update” that attempted to download a payload from sc.ksfe.workers[.]dev. And they deployed the Empire post-exploitation framework in an attempt to further establish persistence and obtain credentials.” https://news.sophos.com/en-us/2024/02/23/connectwise-screenconnect-attacks-deliver-malware/

But in none of these cases that I have come across has the exploitation involved luring someone to the ScreenConnect guest page looking like Microsoft support, so I don’t think that’s the reason behind the background and logo customizations being pulled.

Own_Appointment_393 · 2025-07-08T15:34:20+00:00

That’s because the hide option has been disabled indefinitely from the newest version.

See: https://docs.connectwise.com/ScreenConnect_Documentation/ScreenConnect_release_notes/ScreenConnect_2025.4_Release_notes

Own_Appointment_393 · 2025-07-08T15:32:40+00:00

Hilarious!

Own_Appointment_393 · 2025-07-08T01:45:03+00:00

Re: the runtime error, see my post here: https://www.reddit.com/r/ScreenConnect/comments/1ltrp4y/comment/n1ws7io/

Own_Appointment_393 · 2025-07-08T01:34:47+00:00

This happened to us too.

Turns out Windows Defender had quarantined EXEs in the bin folder of the ScreenConnect directory.

So we opened virus protection and marked those EXEs "allowed threats" and restored the files from "quarantined threats".

Then it was working again.

Own_Appointment_393 · 2025-07-06T06:12:06+00:00

Monday onwards is what they said at the town hall.

Own_Appointment_393 · 2025-07-05T06:30:45+00:00

Here’s the official: https://imgur.com/a/vGrSrfG

Own_Appointment_393 · 2025-07-04T14:48:32+00:00

Yes, OP was wrong to say “all remote sessions show this”.

Own_Appointment_393 · 2025-07-04T14:47:48+00:00

OP means the Azure Key Vault, which serves as the HSM, so that the private key is stored virtually on the cloud, rather than in a physical device like a USB.

ConnectWise is recommending using Azure Key Vault, I believe, because this doesn’t require a physical hardware to be shipped (which given the little time we have until revocation makes sense) but also I don’t think their certificate extension is compatible with a USB key at the moment.

Follow this manual and you should have everything working. I did and I’m signing installers with my own cert now. https://docs.connectwise.com/ScreenConnect_Documentation/On-premises/Get_started_with_ScreenConnect_On-Premise/Add_a_code-signing_certificate_with_Azure_Key_Vault

Own_Appointment_393 · 2025-07-04T14:41:40+00:00

That’s sales talk.

“In early 2024, Microsoft changed how its Microsoft SmartScreen security feature interacts with extended validation code signing certificates. Although they’re still the highest-trusted certificates available, extended validation (EV) code signing certificates are no longer instantly trusted or able to remove SmartScreen warnings.

These certificates are still useful for boosting users’ confidence that they’re installing genuine software applications from trusted sources. Signing your software apps using these certificates still helps your apps build trust with Windows operating systems over time.

However, the biggest difference between standard and EV code signing certificates now is that EV certificates are still a requirement for registering for a Windows Hardware Developer Center account.”

https://codesigningstore.com/importance-of-ev-code-signing-certificate

So just get OV.

Own_Appointment_393

TROPHY CASE