Office of Information Technology Newsletter

Patch Available to Address Java Vulnerability in Lotus Notes


The Office of Information Technology would like to warn Lotus Notes client users of a Java vulnerability that affects them. Due to this vulnerability, an attacker could persuade you to run Java code from an untrusted, malicious source, resulting in an escalation of privileges. This generally happens when the attacker convinces you to either open an email containing a malicious applet or click on a malicious web link within Lotus Notes, which, in turn, runs a Java agent, applet, or application.

Without patching this vulnerability, computers are left susceptible to attackers, as malicious software can be installed without the user's knowledge through what is known as a "drive-by" attack, where the computer gets infected with malware simply by visiting a website that has been infected. It is important to recognize that there are NO safe websites. Recently, even NBC.com was infecting customers that had unpatched Java and Adobe products, as described in the link to the article in the Related Links section.

The Office of Information Technology is working out plans to patch all of the Lotus Notes clients for campus users by the middle of the summer, to be the least disruptive to faculty teaching classes this Spring. But, in the meantime, you can manually update your software to address this vulnerability by following the instructions below.

 

Recommendations

  1. Install the latest Lotus Notes client and Fix Pack.
    • Log into the myau.american.edu web portal.
    • Click to expand the TECHNOLOGY section of the PERSONALIZED LINKS box on the right.
    • Click the DOWNLOAD SOFTWARE link.
    • Open your Lotus Notes client software. Check your current version of the Lotus Notes client by selecting HELP and ABOUT IBM LOTUS NOTES. The second line should show the release number.
    • Switch back to the Download Software window and follow the instructions below, appropriate to your situation.
      • If the release is version 8.5.3 FP3, you do not need to do anything.
      • If the release is version 8.5.3 without the FP3 on the end, then you just need to install the LOTUS NOTES CLIENT 8.5.3 FIX PACK 3 for the appropriate operating system.
      • If the release is a version earlier than 8.5.3, you will need to first install the LOTUS NOTES CLIENT 8.5.3 for the appropriate operating system. Then, you will need to also install the LOTUS NOTES CLIENT 8.5.3 FIX PACK 3 for the appropriate operating system.
  2. Make sure that your Notes client is set to use your default web browser, rather than the one internal to the Notes client.
    • From the Lotus Notes client, select FILE and PREFERENCES from the main menu.
    • Click the WEB BROWSER option on the right.
    • Make sure that USE THE BROWSER THAT I HAVE SET AS THE DEFAULT FOR THIS OPERATING SYSTEM is set.
    • Click APPLY and OK.

 

Summary of Changes

Please note that there are no substantial changes to the interface of the Lotus Notes client with version 8.5.3 fix pack 3. There are a few new configuration settings introduced, such as:

  • Slide in New Mail Notification - This gives you the option of seeing a summary containing the sender and subject of new email messages in the lower right corner, so you do not have to leave your current window.

  • Automatically Closes Emails When Replying/Forwarding - This option closes the email that was just replied to, in an effort to help minimize open email tabs.

  • Sync Personal Contacts to WebMail - This enables two-way syncing, which keeps your personal contacts in the Lotus Notes client in sync with WebMail and mobile devices, and vice versa.

  • New Options for Recent Contacts - This feature can be used to limit what addresses are pulled from your email into your Recent Contacts, so you don't have to add each address manually. Prior to this, too many addresses were pulled from the cc and bcc fields.

  • Calendar Ghosting - When this option is enabled, you will see a grey Meeting entry on your calendar even before you have accepted or declined and others might think you are free at that time. Once accepted, the Meeting will be changed to the normal color you have set for meetings.

  • Displays Countered Meeting Proposals on Calendar - This was a much-requested feature. Before the change, when you countered a Meeting, the entry would disappear from your calendar view and others might think you are free at that time. Now, it is changed to orange. Once the Meeting is accepted by the Chair, it is then changed to the normal color you have set for meetings.

  • Right-Click Search from Items in Inbox - When using the Right Click Search, the syntax is automatically generated to search email by Sender or by Subject in the Search this View box.

 

Please contact the IT Help Desk at 202-885-2550, e-mail helpdesk@american.edu, or instant messenger at AskAmericanUHelp for assistance with updating your Lotus Notes client software.

