The first half of June brought some Synology news. Synology released the beta for a new software package and moved another package from beta to official release. Both of these products promise recurring revenue to Synology.
Vulnerabilities continue to be found in Intel chips, along with a couple software vulnerabilities. At least the software bugs were patched. The CPU vulnerabilities are a harder to solve problem.
Web Station has a vulnerability that allows phishing attacks. The vulnerability is patched in version 2.1.3-0139 and above. The vulnerability has conflicting ratings in Synology Security Bulletin SA-18:29. The bulletin header rates it as Important while the bulletin body rates it as Moderate.
The Synology SSL VPN Client has a vulnerability that allows a man-in-the-middle attack. This is rated as Important in Synology Security Bulletin SA-18:30. The vulnerability is patched in version 1.2.5-0226 and above.
Intel CPUs have yet another vulnerability as described in Synology Security Bulletin SA-18:31. The vulnerability is rated as Moderate by Synology and is unresolved. Currently, only a small number of models are affected, the DS36, RS36, and RS34. See the previously linked bulletin for the latest list. All DSM versions running on vulnerable Intel CPUs are vulnerable.
Synology released Synology Security Bulletin SA-18:32 to let us know that their products are not affected by the latest ISC BIND vulnerability (CVE-2018-5738).
Synology continues to expand its services business by releasing the official version of Active Backup for Office 365, which was previously in beta. This software backs Office 365 data to your local NAS. Active Backup for Office 365 has 10 free licenses on any Synology NAS that supports it. More information is available here.
Synology Active Backup for Business is a new offering that’s now in a beta period. Active backup for Business allows backing up Windows PCs, Windows Servers, and virtual machines. The software is free during the beta, but will then require a separate license per host being backed up once the beta is over. More information is available here.