Last Thursday, when ComputerWorld published an article about a vulnerability in IBM Notes’ extra services, we have been extra busy supporting worried customers.
The story is that Lasse Trolle Borup, security advisor at Improsec, in October 2017 tested the security on a customer’s laptop. This is were he became aware of the IBM Notes system.
The three vulnerabilities lies in the platforms diagnostic and updating tools. A hacker can exploit them to gain access as a systems administrator and expand his own rights.
Now IBM has released a correction for version 9.0.1 feature Pack 10, called IF1.
The three corrections are described here:
- IBM Notes NSD Privilege Escalation
- IBM Notes Privilege escalation in IBM Notes Smart Update Service
- IBM Notes Privilege Escalation in IBM Notes Diagnostics service
If you need assistance upgrading your IBM Notes platform to 9.0.1 FeaturePack 10 IF1, Gravgaard & Co are ready to assist you.