RIM has released a new security patch to fix a serious flaw within its BlackBerry Enterprise Server (BES) and BES Express for Microsoft Exchange, Lotus Domino and Novell GroupWise.

BlackBerry-maker Research In Motion (RIM) is advising its BlackBerry Enterprise Server (BES) customers to immediately update their BES software, after a serious flaw was identified that could allow hackers or other miscreants to access not only BES resources, but also other non-BlackBerry-related corporate network components.

[Image: BlackBerry Torch 9800 with Padlock (Image Credit: Brian Sacco)]

The flaw, initially reported by RIM last week, received a 10.0 rating on the Common Vulnerability Scoring System (CVSS), the highest possible CVSS score. I’ve been covering RIM and BlackBerry for years, and I’ve reported on many BES vulnerabilities, but this is the only flaw I can remember to receive such a high CVSS score. And it appears to affect a wide array of BES and BES Express versions for Microsoft Exchange, IBM Lotus Domino and Novell GroupWise.

The vulnerability does not appear to affect many of the latest versions of BES, though, so you may not need to install the patch if you’ve been keeping up with RIM’s updates.

From RIM:

“Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process PNG and TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.

“To exploit these vulnerabilities in how the BlackBerry MDS Connection Service processes PNG and TIFF images, an attacker would need to create a specially crafted web page and then persuade the BlackBerry smartphone user to click a link to that web page.
The attacker could provide the link to the user in an email or instant message.”

Visit RIM’s security advisory page for more details. And pop over to the BES server downloads page to grab the security update.

AS

Via BerryReview