It’s just been announced that GroupWise 7 SP3 fixes a security issue with shared folders. Without going into all of the gory details, there are ways with the Windows Client API to see mail from the owner of the shared folder that is not inside of the specific shared folder. In order to protect your site from this, you need to apply GroupWise 7 SP3, or GroupWise 6.5, SP3 Update 3 and lockout all older clients.

You are at risk if you allow shared folders in your organization. That said, the exploit cannot be used by your standard user with the GroupWise client. However, a programmer with knowledge of the Windows Client API could build an applet that would allow him/her to peek at other items in the shared folder owner’s mailbox.

Of course, only you know if the extent of the risk for your organization warrants you staying up late tonight! But patch you should!

Read more about this in TID 3263374 .

GroupWise 7 SP3 can be found here.

The GroupWise 6.5.6 Update 3 client is here.

Danita