FREE NEWSLETTER

GET EXCLUSIVE CONTENT

Free Newsletter Free Newsletter
reveal-banner-180px-x-150px-v1gif

iManage: Critical patch released for security vulnerability

Added on the 28th Jun 2019 at 2:00 pm
Share Button

iManage released a critical update on Wednesday with a fix for an iManage Work Server security vulnerability. Firms have been advised to apply the patch installer on all iManage on-premises environments with Work Servers running from 9.5 R2 through to 10.1.3.

Environments currently running 10.2.0 will need to upgrade to a new build (10.2.0.186), according to a statement on iManage reseller Kraft Kennedy’s website. This new build will ensure that future installations will include the fix.

Speaking to Legal IT Insider, Geoff Hornsby (pictured right), general manager at iManage said that the release of the patch was “not a big deal.”

“We run security scans on our systems regularly. We found a problem. We patched it. And we told the community what was going on,” Hornsby said. “This affects people who are on-premises because, obviously if they are in the cloud, we have already done the patch and there is no need to worry.”

Some CIOs at iManage clients that Legal IT Insider spoke to were aware of the problem, while others were not. But Hornsby said that clients had been contacted via the tech support site; that iManage had published the news on other sites including ILTA and that all CIOs were emailed at 8am this morning.

Hornsby said he was unable to discuss the exact nature of the problem or which clients are affected because to do so would “encourage hackers to chase particular pieces of software or client material.” This is reiterated by Kraft Kennedy in its above announcement, in which it says: “The iManage advisory further states that the company will not disclose what the vulnerability is until all customers are patched. This makes sense in light of something we have written about before called the “hacker roadmap concept.”

“It is very important to handle these things in a responsible way, which is what we have done,” Hornsby added. “The feedback we have had is that clients find the way we have handled this reassuring.”

Hornsby went on to say that he had 100 per cent confidence in iManage’s security strength. “Let’s be clear,” he said. “This is not a problem that a client has found. No-one has been attacked. There has been no loss of data. We have identified it, patched it and let people know.”

One iManage partner told Legal IT Insider: “This is the new world we live in and bad things have happened to organisations that don’t apply their patches in a timely fashion. But you can serve a very useful public service in ensuring that everyone is aware of the issue and the need to patch.”

Amy Carroll

2 Comments

  1. geoff Hornsby says:

    Thank you for publishing this. we live in a world in which security is king. We appreciate the way this has been reported and encourage all on premise clients to action this if they have not already done so. The lesson here for all vendors is that Legal Technology insider is part of the community information security channel and need briefing in the same way as our customers and partners.

    Any on premise client with questions should contact us.

  2. NC says:

    Refreshing to see an honest, prompt and proactive customer focussed approach. Please take note Legal IT vendor community.

Any Comment?