RIM announce patch to possible BES server high vulnerability issue

RIM have recently announced a patch for a vulnerability in the attachment handling process of the BES server software which, if exploited, might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network. The issue is highly important because the server could be compromised merely by sending a malformed image file attachment to an individual BlackBerry user within the organisation.

Patches are available for BES and BES Express 5.0.1 through to 5.0.3. Customers still running BES Server 4.1.x (Exchange or Notes) would need to upgrade to 5.0.3, given the retirement of support for 4.1.x earlier this year. Please speak to Arrow if you need to upgrade from 4.1, as we can arrange a professional upgrade for you.

For full details of the vulnerability and the link to download the patches, please see the full RIM Knowledge Base article.
Note: If you are running the very latest release of BES (5.0.3 MR3 for Exchange or Domino) then you do not need to patch your system.

Please don’t hesitate to contact the Arrow Technical team if you have any questions or queries.