Managing your IT has become complex – contact Cornerstone.IT and learn how our Managed Services can help support the health of your network.

Cornerstone.IT NIST 800 1710 Compliant
IT Security Alerts to Keep an Eye On:

Spring4Shell, Citrix CVEs, iManage Certificate Expirations

April 13, 2022

Contact Cornerstone

The following alerts were issued — (click or tap to expand)

Spring4Shell

Spring4Shell critical security alert – targeting Java Script Framework
Some products being affected:

Citrix Security Advisory – Multiple CVE

Citrix StoreFront Security Bulletin for CVE-2022-27503

Category: Medium

URL: Citrix StoreFront Security Bulletin for CVE-2022-27503

Citrix SD-WAN Security Bulletin for CVE-2022-27505 and CVE-2022-27506

Citrix recommends that affected customers upgrade to a fixed version as soon as possible. This issue has been addressed in the following supported Citrix SD-WAN versions

URL: Citrix SD-WAN Security Bulletin for CVE-2022-27505 and CVE-2022-27506

Citrix Gateway Plug-in for Windows Security Bulletin for CVE-2022-21827

Category: Medium

URL: Citrix Gateway Plug-in for Windows Security Bulletin for CVE-2022-21827

Citrix Endpoint Management (XenMobile Server) Security Bulletin for CVE-2021-44519, CVE-2021-44520, and CVE-2022-26151

Category: Medium

URL: Citrix Endpoint Management (XenMobile Server) Security Bulletin for CVE-2021-44519, CVE-2021-44520, and CVE-2022-26151

iManage Certificate Expirations

ADVISORY: Update required to address https://my.imanlocal.com certificate expiration on June 4, 2022 for versions 10.1.x to 10.6.x.xxx of Work Desktop for Windows by Tyler Walgren

Target audience:
  • Cloud customers running iManage Work Desktop for Windows 10.6 and earlier
  • On Premises customers running iManage Work Desktop for Windows 10.6 and earlier
On this page:
  • Issue
  • Background
  • Action
  • Follow for updates

Issue

On June 4, 2022, a certificate used by the Work Desktop for Windows application (certificate https://my.imanlocal.com) is set to expire for versions 10.1.x to 10.6.x.xxx.

Please review the table below of Work Desktop for Windows versions to verify the following information:

  • Affected and unaffected versions of Work Desktop for Windows
  • Date of certificate expiration

If your version of Work Desktop for Windows is affected and requires an update, please refer to the Action section below. Versions with a date of certificate expiration of June 4, 2022, 23:59:59 GMT require immediate attention.

VersionsAffected
(Yes or No)		Date and time of certificate expiration
(In GMT time)
10.7.x and laterNoStarting with version 10.7.x, Work Desktop for Windows no longer relies https://my.imanlocal.com for agent communication by default, and instead will use http://127.0.0.1 for communication from Work Web to the Agent Services.
10.1.x – 10.6.0.xxYesJune 4, 2022 23:59:59 GMT
10 – 10.0.2.xNoNo action required

Background

https://my.imanlocal.com is an iManage-registered url that is used for the internal loop-back communication between the iManage Work web application and iManage Work Agent. This url was previously used to work around a browser limitation that prevented the use of http://127.0.0.1 to direct internal loopback traffic back to the user machine. All modern web browsers (Chrome, Firefox, Edge Chromium) support using http://127.0.0.1, which eliminates the need for the https://my.imanlocal.com address.

NOTE: Internal desktop communication is used by iManage Work Web to communicate with iManage Work Desktop for Windows and as such, the http://127.0.0.1 call will never leave the user’s desktop machine.

Starting with Work Desktop for Windows 10.7.x, the client will default to using http://127.0.0.1 for Agent communications. All previous versions of Work Desktop for Windows use https://my.imanlocal.com by default.

If Work Desktop for Windows 10.6.x or older is being used with the default setting to use https://my.imanlocal.com when this certificate expires on your machine, the following iManage Work and iManage Work Desktop for Windows functions will no longer function as expected.

Document Actions:
  • Edit
  • Open in Protected View
  • Take Offline
  • Print
  • Share > Send Link, Send Document, or Send Both
  • More Actions > Checkout
Multiselect Actions:
  • Download
  • Take Offline
  • Print
  • Compare
  • Share > Send Link, Send Document, or Send Both
  • More Actions > Checkout
Email actions:
  • Reply
  • Reply All
  • Forward
  • Open
  • Print

Action

For environments with Work Web versions 10.2.6.61 and later and Work Desktop for Windows versions 10.7.x and later:

No action needed, these versions will use http://127.0.0.1 by default.

For environments with Work Web versions 10.2.6.61 and later and Work Desktop for Windows versions 10.2.4.71 up to 10.7.x:

1. Close all iManage Integrated applications.

2. Set the following registry configuration:

For x86 clients
Location:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\imanage\work\10.0\client\agent

For x64 clients
Location: HKEY_LOCAL_MACHINE\SOFTWARE\imanage\work\10.0\client\agent
Name: SecuredLocalHost
Type: DWORD
Values: 0
1 – (default) use https://my.imanlocal.com
0 – use http://127.0.0.1

3. Restart the iManage Agent Web Service from Task Manager > Services or from services.msc.

4. Restart the iManage Agent from the System Tray.

5. Refresh the Work Web Client in the browser.

For environments with Work Web versions 10.2.6.61 and later and Work Desktop for Windows versions prior to 10.2.4.71:

An upgrade to Work Desktop for Windows 10.2.4.71 or higher is required as the SecuredLocalHost setting was introduced starting with version 10.2.4.71.

If you are unable to upgrade to a required minimum version of Work Web or Work Desktop for Windows, please reach out to iManage Support for alternative options.

For environments with Work Web versions prior to 10.2.6.61 and/or Work Desktop for Windows versions prior to 10.2.4.71:

An upgrade to Work Web 10.2.6.61 or higher is required for the Work Web Client to be able to leverage http://127.0.01.
An upgrade to Work Desktop for Windows 10.2.4.71 or higher is required, as the SecuredLocalHost setting was introduced starting with version 10.2.4.71.

Follow for updates

If you have not already subscribed to receive iManage Support notifications, complete these two quick steps to stay informed regarding iManage Support news, advisories, upcoming events, and training:

  1. Open the iManage Support Announcements section of Help Center.
  2. Select Follow > New articles and comments.

In addition, follow this article for updates by clicking the Follow button at the top of the article.

Please Contact Cornerstone.IT for help remediating these vulnerabilities.

Cornerstone.IT