Those users who are still using Novell Client for Windows should look around for alternatives. In recent weeks, at least two 0-day exploits for the kernel driver have surfaced on the internet. The security firm eEye has documented the issues with the ids 20130510 and 20130522.

The first hole, 20130510, relates to the old Novell Client 4.91 SP5 IR1 for Windows XP/2003, while the second, 20130522, concerns Novell Client 2 SP3 for Windows 7 and Windows 8. Both only offer attackers local code execution within the kernel but that could be used by attackers to disguise a previous compromise as part of digging in further on a system. There are, so far, no patches or usable workarounds for either flaw.

(djwm)