AnyDesk Software GmbH recently announced that their production systems were compromised and that they are revoking code signing certificates prior to AnyDesk Windows version 8.0.8. As a best practice, whenever a code signing certificate is compromised, any executable in your environment signed with that certificate should be identified and removed immediately.
Here’s what you should do:
- Automox supports automated patching of AnyDesk, so we recommend checking your patch policies and implementing the latest AnyDesk patches immediately.
- Automox has written a script that can be immediately applied in your environment to find and remove AnyDesk Software. Find it here.
- We also recommend running the above scripts after patching to ensure that no other executables in your environment are signed with the same certificate.
These recommendations apply to everyone, regardless of whether you are an Automox customer or not.
Have questions? Concerns? Just upset this happened on a Friday afternoon? Feel free to rage in the comments.