Security Update

Posted on by Jean McCandlish

The following information was released by Act! today:

We recently became aware of a security vulnerability within Act! Pro, Act! Premium, and Act! Growth Suite software that may make it easier for a threat actor to gain unauthorized access to your system. To address this vulnerability, updates are available for supported versions of Act! See additional version and deployment-specific details below.

Act! Premium & Act! Growth Suite On-Premises Subscribers

To ensure the vulnerability described above is addressed, you will need to apply the appropriate update for your supported version as soon as possible. If you are currently running Act! v21 or earlier, you will need to upgrade to Act! v24 Update 4 to address this issue.

Updates are being made available for Act! v24, Act! v23, and Act! v22.1*. See Below for the release schedule and instructions.

Act! Premium & Act! Growth Suite Cloud Subscribers

To ensure the vulnerability described above is addressedan update is required for your supported version.

  • Customers who solely access Act! in the cloud (hosted by Act!) are no longer exposed to this vulnerability, thus no action is required.
  • Customers who sync a local instance of Act! to Act! in the cloud (hosted by Act!) must apply the appropriate update for their supported version on their local instance by April 19, 2022 in order to continue syncing.
  • Customers who sync a local instance of Act! via their own network (LAN, VPN, site-to-site internet sync) will not experience an interruption in sync services but remain at risk until they apply the appropriate update for their supported version.
  • Customers who host or sync their software via a 3rd party hosting provider should contact that provider immediately to discuss the appropriate remedy.

Updates are being made available for Act! v24, Act! v23, and Act! v22.1*. If you are currently running a local instance of Act! v21 or earlier, you will need to upgrade to Act! v24 Update 4 to address this issue. See below for the release schedule and instructions.

Pro & Premium Perpetual License Holders

To ensure the vulnerability described above is addressed, you will need to apply the appropriate update for your supported version as soon as possible. If you are currently running Act! v21 or earlier, you will need to upgrade to Act! v24 Update 4 to address this issue. Customers who host or sync their software via a 3rd party hosting provider should contact that provider immediately to discuss the appropriate remedy.

Pro Perpetual License Holders: Updates will be made available for Act! Pro v24 and Act! Pro v22.1*.

Premium Perpetual License Holders: Updates will be made available for Act! v24, Act! v23, and Act! v22.1*.

See below for the release schedule and instructions.

RELEASE SCHEDULE AND INSTRUCTIONS

Act! v24 Update 4 Available 4/19/2022

Act! v23 Update 7 Available 4/19/2022

Act! v22.1 Update 5 (Available 4/28/22)

INSTRUCTIONS: You can download and install using the links above, or install directly via Act! following the instructions below. If you would like us to take care of your system, you can also arrange a time to do so by clicking here: Book an appointment with me


1) Ensure the Act! application is closed

2) Right-click Act!

3) Select run-as-admin

4) Enter username and password details

5) Navigate to the Help Menu

6) Select Act! Notifications and follow the on-screen prompts to install the latest update.

Frequently Asked Questions

How was the vulnerability discovered and what have you done in response?

A vulnerability was recently identified in Act! via routine penetration testing. The Act! engineering team has reviewed, fixed and re-assessed the vulnerability with a third-party threat intelligence vendor. Updates that address this issue are being made available for Act! v24, Act! v23, and Act! v22.1*. See above for the release schedule and additional details.

Have there been any known data breaches as a result of the vulnerability?

No, we are not currently aware of any bad actors taking advantage of the vulnerability.

What versions are getting updates and why?

Per the Act! Support Obsolescence Policy, updates are being made available for supported versions of Act!*.

What do I need to do?

To ensure that this vulnerability is addressedan update for your supported version is required*See above for the remedy specific to your version and deployment method. If you are currently running Act! v21 or earlier, you will need to upgrade to Act! v24 Update 4 to address this issue. Customers who host or sync their software via a 3rd party hosting provider should contact that provider immediately to discuss the appropriate remedy.

How do I know which version of Act! I’m on?

To find the version of Act! you’re currently on, go to Help > About Act! in the top navigation of Act!.