Wednesday, November 28, 2007

Admins: You're going to want to read this!

I was forwarded this from a colleague this morning. It appears that there is a security issue with Lotus 123 files being viewed in Notes. Here's a snippit from the article posted at Core Security:

"These vulnerabilities could allow attackers to remotely execute arbitrary commands on vulnerable systems by attaching a specially crafted file that triggers exploitation when unsuspecting users attempt to “View” the attachment. Exploitation of these vulnerabilities requires user intervention."

The link to the article at Core Security

Lotus has issued a Technote regarding this issue. Click here to view it.

From what I have read, this only effects the Notes client. The workarounds include either getting a patch from IBM, deleting the file l123sr.dll from workstations, (that's a lower case L), or commenting out specific lines in the keyview.ini. The technote goes into all that detail. Of course, another approach might be to just block any .wks, .wk1, .wk2, wk3, and .wk4 extensions from coming into your email system all together. For now, that might be the easiest approach.

No comments: