RIM has released a new security patch to fix a serious flaw within its BlackBerry Enterprise Server (BES) and BES Express for Microsoft Exchange, Lotus Domino and Novell GroupWise.

BlackBerry-maker Research In Motion (RIM) is advising its BlackBerry Enterprise Server (BES) customers to immediately update their BES software, after a serious flaw was identified that could allow hackers or other miscreants to not only access BES resources, but also other non-BlackBerry-related corporate network components.

[Image: BlackBerry Torch 9800 with Padlock (Image Credit: Brian Sacco)]

The flaw, initially reported by RIM last week, received a 10.0 rating on the Common Vulnerability Scoring System (CVSS), the highest possible CVSS score. I’ve been covering RIM and BlackBerry for years, and I’ve reported on many BES vulnerabilities, but this is the only flaw I can remember to receive such a high CVSS score. And it appears to affect a wide array of BES and BES Express versions for Microsoft Exchange, IBM Lotus Domino and Novell GroupWise. The vulnerability does not appear to affect many of the latest versions of BES, though, so you may not need to install the patch if you’ve been keeping up with RIM’s updates.

From RIM:

“Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process PNG and TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.

“To exploit these vulnerabilities in how the BlackBerry MDS Connection Service processes PNG and TIFF images, an attacker would need to create a specially crafted web page and then persuade the BlackBerry smartphone user to click a link to that web page. The attacker could provide the link to the user in an email or instant message.”

Visit RIM’s security advisory page for more details. And pop over to the BES server downloads page to grab the security update.

AS

Via BerryReview