Some of the six holes can allow attackers to hijack corporate systems even if users only view incoming e-mail.
Six critical vulnerabilities have been found in IBM's Lotus Notes, Big Blue and security firms announced Friday, including some that could allow attackers to hijack corporate systems if users simply viewed incoming e-mail.
Danish vulnerability tracker Secunia, which discovered the half-dozen bugs, tagged them as "Highly critical," its second-from-the-top alert rating, and said that some of the flaws would create buffer overflows, normally the only entry hackers need to start dropping their own code onto a compromised computer.
Some of the vulnerabilities, said Secunia, can be exploited if users only view malicious e-mails, while others require users to open attachments or extract files from a compressed file attached to a message.
Several versions of Notes are at risk, including 7.0 and 6.5.4. Updating Notes to 6.5.5 or 7.0.1 solves the problem, said IBM.
"In general, users are strongly urged to use caution when opening or viewing unsolicited file attachments," IBM also recommended in its advisory. IBM offered up work-arounds for customers unable to patch immediately, but they required users or administrators to disable a number of DLLs.
The last bugs to hit Notes were a handful in early January, when IBM itself acknowledged that the e-mail system and its client were open to denial-of-service (DoS) attacks.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.