CNET and others have reported on new security patches that were already included in Notes 6.5.5 and now this week are available in Notes 7.0.1.

IBM has issued a patch for a half dozen "highly critical" security flaws in versions of its Lotus Notes, which could allow a malicious attacker to execute arbitrary code remotely when users access files through the Notes attachment viewer.
I acknowledge a left-hand right-hand problem here.  I made a particularly boastful claim about the Notes client not having had to be security patched over the years during one of my Lotusphere sessions, while we had in fact put such a patch in the most recent version of the code.  My mistake.  However, I'd still take Notes/Domino's history in the security space over 20 other enterprise software products -- they thought it out right at the start, and even in this case, the file viewers are somewhat orthogonal to the "core" code.

Link: IBM patches Lotus flaw >
Link: (updated technotes) >

Post a Comment