Vulnerability in BlackBerry Enterprise Server (BES) components that process images

There is a vulnerability in the image processing components of the BlackBerry Enterprise Server available for MDaemon that could allow remote code execution. More information on the vulnerability can be found on the BlackBerry KB Page

This vulnerability can be addressed by upgrading to BES 2.0.2 or newer which includes a fix OR manually applying the patch if you're running 2.0.1 or lower.

Upgrade to BES 2.0.2:

  1. The download for BES 2.0.2 can be found on our Alt-N downloads page
  2. Select your preferred language
  3. Select GO
  4. Fill out the form
  5. Select Continue
  6. Download and install BES

If you're running BES 2.0.1 or lower, to apply the update:

  1. Visit the BlackBerry Download page and complete the form.
  2. Select Next
  3. Agree to the Eligibility Declaration
  4. Select Next
  5. Click the Download button
  6. Stop MDaemon
  7. Extract the image.dll file into the following directories replacing the files that already exist:
    • MDaemon\BES\Bin\
    • MDaemon\BES\Bin\MDS\bin\
  8. Launch MDaemon