BlackBerry-maker RIM has issued a software update to address a serious security flaw in its BlackBerry Desktop Manager software for Windows PCs. The company recommends all Desktop Manager users update the software immediately.

BlackBerry smartphone users with Research In Motion’s (RIM) BlackBerry Desktop Manager software installed on Windows PCs–or Mac-based Windows virtual machines–should update the Desktop Manager software immediately, according to RIM. Any and all BlackBerry Desktop Manager versions prior to v5.0.1 contain a security flaw that could allow malicious parties to remotely execute code on unsuspecting users’ computers, RIM says.

From a RIM security advisory posted yesterday:

“If the malicious user performs an attack designed to decieve [sic] the legitimate user into clicking a link to a web site that appears to be from a trusted source, and the legitimate user chooses to access that site from the computer that is running the BlackBerry Desktop Manager, the user might be deceived into browsing to a web page that the malicious user has designed to perform remote code execution using the legitimate user’s privileges on the computer. The BlackBerry Desktop Manager does not need to be running for a malicious user to exploit this vulnerability.”

The vulnerability is a critical one with a Common Vulnerability Scoring System (CVSS) rating of 9.3 out of 10, according to RIM. The specific problem-component within Desktop Manager is the Lotus Notes Intellisync DLL, which RIM says is included by default in all BlackBerry Desktop Manager installations. And the flaw can reportedly be exploited whether or not the DLL is used after installation.
RIM has already released a software update to address the vulnerability, and users could receive automatic Desktop Manager notifications regarding the security fix, depending on which version of the software they employ. If you have not received an automatic update, or you chose not to update immediately, you should download and install the latest version of BlackBerry Desktop Manager from RIM’s website.

RIM also listed the following workaround:

“You can disable the Lotus Notes Intellisync functionality by unregistering the Intellisync component DLL, lnresobject.dll. Disabling the functionality prevents a malicious user from exploiting the vulnerability. To unregister the DLL on the computer running the BlackBerry Desktop Manager, at a command line enter the command:

regsvr32 /u "C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Lotus Notes\5.0\lnsresobject.dll"

The Macintosh version of RIM’s BlackBerry Desktop Software does not appear to contain the flaw. Additional information on BlackBerry security can be located on RIM’s website.

AS
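One way to check on a Windows PC whether the workaround took effect, as an added example that is not from RIM's advisory or this article: the PowerShell below lists COM registrations that still point at the Intellisync DLL. It assumes unregistering removes the class's InprocServer32 entry, as regsvr32 /u normally does, and it matches both spellings of the file name that appear in the quoted advisory; the function name is hypothetical.

```powershell
# Added example, not RIM's code. Both spellings of the DLL name from the
# quoted advisory text are matched, since the page gives both.
$dllNames = @('lnresobject.dll', 'lnsresobject.dll')

# Machine-wide COM class registrations, in the 64-bit and 32-bit registry views.
$roots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID'
)

# Hypothetical helper: returns one object per class whose in-process server
# is the Intellisync DLL.
function Get-IntellisyncRegistration {
    param([string[]]$Roots, [string[]]$DllNames)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($clsid in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $key = Join-Path $clsid.PSPath 'InprocServer32'
            if (-not (Test-Path -LiteralPath $key)) { continue }
            # The key's default value is the path of the DLL implementing the class.
            $server = [string](Get-Item -LiteralPath $key).GetValue('')
            if ([string]::IsNullOrWhiteSpace($server)) { continue }
            $path = $server.Trim('"')
            if ($DllNames -contains [System.IO.Path]::GetFileName($path)) {
                [pscustomobject]@{
                    Clsid      = $clsid.PSChildName
                    ServerPath = $path
                    FileExists = Test-Path -LiteralPath $path
                }
            }
        }
    }
}

$hits = @(Get-IntellisyncRegistration -Roots $roots -DllNames $dllNames)
if ($hits.Count -eq 0) {
    Write-Output 'No registration found: the DLL is unregistered or not installed.'
} else {
    $hits | Format-List
    Write-Output 'DLL still registered: update Desktop Manager or apply the regsvr32 /u workaround.'
}
```

An empty result only covers machine-wide registrations; per-user registrations under HKEY_CURRENT_USER are not inspected.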