News Categories
RSS Feed
News
Jan
22
New Support Cases will Now be Created in Our New System
Posted by Sakari Heinonen (M-Files) on 22 January 2020 10:06 AM

We are excited to announce that we are transitioning our ticketing tool into a new system. Our need to provide world class service is our top priority, and as such, we need world class tools to get the job done. As we are embarking on this transition, the new ticketing system's customer portal is now ready to take on new accounts, and we've have closed off the ability to create new cases in the old system. You can find the new customer portal here: New M-Files Customer Portal

We welcome you to continue seeking our assistance by sending us an email to support@m-files.com which will create a new ticket in our new system, just as our old tool functioned. You can certainly look at your past cases in the old tool with your login here. We have only closed off the creation of new cases via this portal on the eve of the next phase.

Be on the lookout for a direct email coming to select stakeholders in your organization with information on getting a new account in our new portal, coming soon. All new cases generated will be viewed in the new portal while old cases can still be viewed here.

We look forward to providing you with the highest level of care with our new internal system.


Read more »



Jan
22
Important notice to M-Files customers about Microsoft IE vulnerability
Posted by Sakari Heinonen (M-Files) on 22 January 2020 09:48 AM

Microsoft has published a Security Advisory on January 17, 2020 about a vulnerability in a script engine used by Internet Explorer (%windir%\...\jscript.dll), used by M-Files by default. We have investigated the situation and the implications on M-Files, and have the following information and advice for M-Files users.

The likely exploitation of the CVE-2020-0674 vulnerability (jscript.dll vulnerability) is that a user who uses Internet Explorer visits a web site that contains malicious content that forces Internet Explorer to load the jscript.dll script engine and additionally contains malicious code that takes advantage of the vulnerability. If your users are not using Internet Explorer, the likelihood of an exploit is not high. There may be other ways to exploit the vulnerability even in such a case, but you are avoiding the typical exploit by not using Internet Explorer.

M-Files Desktop uses Windows Script Host, which uses jscript.dll. Even though M-Files Desktop uses the Microsoft component jscript.dll that has a vulnerability, we are not aware of a possibility of exploiting the vulnerability with M-Files Desktop. M-Files Desktop loads and executes only trusted code using jscript.dll, not arbitrary code or arbitrary web site content. Thus, you are not exposed to the known vulnerability if you continue to use M-Files Desktop.

Microsoft has advised that in order to mitigate the vulnerability in jscript.dll, customers can revoke access to the jscript.dll file. However, Microsoft is noting that this will likely break some applications that depend on jscript.dll. M-Files Desktop depends on jscript.dll and revoking access to jscript.dll causes M-Files Desktop not to be functional.

M-Files is working in cooperation with Microsoft to provide a permanent solution to the issue caused by the vulnerability in the Microsoft component jscript.dll. Until a permanent solution is available, we recommend the following workarounds:

A) Do not apply the mitigation steps provided by Microsoft. Instead, advise your end users to not use Internet Explorer. The users can continue to use M-Files Desktop. Note that there is no guarantee that the vulnerability in jscript.dll could not be exploited in some other way, but we believe that avoiding the use of Internet Explorer is currently a safe enough workaround and enables you to continue using M-Files Desktop.

OR

B) Apply the mitigation steps provided by Microsoft, which will make M-Files Desktop non-functional. Use M-Files Web and M-Files Mobile until either Microsoft provides a fixed version of jscript.dll or another permanent solution from Microsoft or M-Files becomes available.

M-Files is working in cooperation with Microsoft to provide a permanent solution to the issue as soon as possible. The likely permanent solutions include receiving a fixed version of jscript.dll from Microsoft or modifying the M-Files Desktop application to use an alternative script engine instead of Microsoft's jscript.dll. We estimate that a permanent solution could be made available by January 31, 2020, but we cannot guarantee this because we are still in the early stages of investigation.

Please contact Customer Support if you have any further questions about this topic

Thank you,

M-Files Team


Read more »



Aug
2

We have identified an issue with M-Files Desktop client version 19.7.8028.5 that prevents accessing cached replica vaults. When a user with this Desktop client version tries to access cached replica vault, the user receives a following error message:

"This operation is not allowed for cached replica vaults."

The error message in Finnish: "Tämä toiminto ei ole sallittu välimuistireplikavarastoille."

The problem can be fixed by updating both replica server and M-Files server to M-Files 2018 Update 1908 (version 19.8.8114.7) or to a newer version. Also an alternative workaround exists. More information can be found in a support article here Connection issue when trying to connect cached replica vaults with M-Files Desktop client 19.7.8028.5


Read more »



Jun
12
M-Files executables use only SHA-2 code-signing
Posted by Sakari Heinonen (M-Files) on 12 June 2019 11:23 AM

In the past, M-Files executables have been dual-signed with both SHA-1 and SHA-2 code-signing algorithms for better backward compatibility. Due to weaknesses in SHA-1 algorithm and to align to industry standards, executables of M-Files Online June '19 Update and M-Files 2018 Update 1906 and later are going to be signed only with the more secure SHA-2 algorithm. While this should not cause any issues, according to Microsoft, some Windows 2008 R2 and Windows 7 computers that do not have the latest Windows updates installed may be affected.

If you encounter any issues on Windows 2008 R2 or Windows 7 computers when updating M-Files, please make sure that you have the latest Windows updates installed. If installing the latest Windows updates does not resolve the issue, do not hesitate to contact us at support@m-files.com.

More information can be found here:

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3033929

https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus


Read more »



May
21
Cloud vault connection issue after May 19th update
Posted by Sakari Heinonen (M-Files) on 21 May 2019 11:10 AM

Some cloud vault customers have reported cloud vault connection issues after May 19th Cloud Vault update to version 19.5.7811.7.
A workaround is to re-establish the cloud vault connection from Document Vault Connections or to update to M-Files June 2019 update (version 19.6.7900.3).

More information can be found in a support article here Cloud vault connection issue after May 19th update


Read more »



Apr
29
Cloud vault connection issue with unpatched Windows 7 workstations and Windows 2012 Servers
Posted by Sakari Heinonen (M-Files) on 29 April 2019 05:34 PM

Cloud customers using unpatched Windows 7 workstations or Windows 2012 servers might have encountered cloud connectivity issues since April 28th, 2019 cloud update.

This is due to disabling soon-to-be deprecated and vulnerable TLS 1.0 and TLS 1.1 protocols on all M-Files Cloud Servers as per common data security recommendations. Network connections using TLS 1.0 or 1.1 will no longer be accepted by M-Files Cloud servers after the April 28 update.

You can find instructions on how to enable the required TLS 1.2 protocol and more about the issue in our support article:

Cloud Vaults unavailable with unpatched Windows 7 or Windows 2012 Servers

M-Files Cloud customers had been notified of this change prior to the update and instructed to enable TLS 1.2 on older operating systems in order to avoid disruptions in the service. Workstations running Windows 8/8.1, Windows 10 or newer Windows servers, as well as mobile and M-Files Web Access users were not affected by the change.


Read more »




Help Desk Software by Kayako case