Windows Enterprise Desktop

Aug 29 2012   6:01PM GMT

Possible Java Exploits Can Expose PCs to Attack

Ed Tittel Ed Tittel Profile: Ed Tittel

Quick: visit http://www.isjavaexploitable.com/ on any PC close at hand. There are a number of Java exploits rampant in the wild at the moment, so you’ll want to see a resulting screen that looks like this if you do have Java installed:

No Java vulnerabilities found

No Java vulnerabilities found

On the other hand, if you don’t have Java installed, you’ll see something like this:

If Java is absent it can't be exploited.

If Java is absent it can’t be exploited.

But if your installed version of Java is vulnerable to the latest zero-day exploits, you’ll see the following warning instead:

Your Java version is vulnerable: Look Out!

Your Java version is vulnerable: Look Out!

What to do if one or more machines shows up as vulnerable? Turn off Java is the safest and simplest response. Instructions for all major browsers are posted on the KrebsOnSecurity site associated with metasploit. This is a bona-fide zero day exploit folks, and may require immediate action!

Note: After a heckuva hullaballo, Oracle posted Version 7 Update 7 for Java today (8/30/2012) and it fixes all of the vulnerabilities that isjavaexploitable can detect. Visit  www.java.com/getjava/ to update yours immediately! Now, the only open questions are: 1. Have all 19 vulnerabilities that  Polish company Security Explorations reported to Oracle on April 2, 2012, been fixed? and 2. Have the remaining 10 vulnerabilities that they further found and reported after that date been fixed as well? I certainly hope so, but you’ll want to keep an eye on this situation, and read Lucian Constantin’s excellent Computerworld story from August 29 entitled “Oracle knew about zero-day Java vulnerabilities for months, researcher says” for more information, and an explanation as to why I remain to be fully convinced that all the exposures have been handled.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: