If you haven't already killed Lotus Notes, IBM just gave you the perfect reason to do it now, fast

IBM has warned that bugs in its Notes auto-updater mean the service can be tricked into running malicious code. In its advisory, IBM says the Notes Smart Updater service, which sees upgrades of Notes sent to users' desktops, “can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp …


  1. adam payne

    Author Lasse Trolle Borup explains “the service simply copies itself to the TEMP directory and executes the copy, probably for when the update service must update its own executable. The problem here is, that though normal users are not allowed to list the contents of TEMP, they can still write files there.”

    How many other applications update in the same way? Thousands or millions?

  2. Anonymous Coward

    10

    It has now issued firmware patches for its POWER7 through to POWER9 platforms here (older chips are out-of-service), IBM i operating system patches are here, and AIX patches here.

    Wow, all 10 AIX users can get patches...

    1. Ken 16 Silver badge

      How old are you?

      Well, of course, we had it tough. We used to 'ave to get up out of shoebox at twelve o'clock at night and lick road clean wit' tongue. We had two bits of cold gravel, worked twenty-four hours a day at mill for sixpence every four years, and when we got home our Dad would slice us in two wit' bread knife

      1. Aladdin Sane

        Re: How old are you?

        And that's if we were lucky!

  3. Lotaresco

    Oh come on! This is fake news folks!

    "Lasse Trolle Borup"

    And his friend Valter Unterbrücke, no doubt.

  4. Anonymous Coward

    Year 2000 is calling and wants its DLL hijacking exploit back

    “can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory.”

    Sep 2000: "Microsoft Windows DLL search path weakness"

  5. sisk

    Lotus Notes is still around and getting updates? Huh....I thought it fell by the wayside years ago.

  6. sagan25

    Gents...slow down

    Sorry, if every serious Office bug over the last years had resulted in a recommendation to uninstall this buggy Microsoft stuff...Notes bashing is so boring.

  7. unwarranted triumphalism

    Still Apple's fault.

  8. Anonymous Coward
  9. Anonymous Coward

    I miss Notes.

    It was great !

    My coat is the one with straps to stop me doing harm to myself.
