Windows Enterprise Desktop

Aug 29 2012   6:01PM GMT

Possible Java Exploits Can Expose PCs to Attack

Ed Tittel Ed Tittel Profile: Ed Tittel

Quick: visit on any PC close at hand. There are a number of Java exploits rampant in the wild at the moment, so you’ll want to see a resulting screen that looks like this if you do have Java installed:

No Java vulnerabilities found

No Java vulnerabilities found

On the other hand, if you don’t have Java installed, you’ll see something like this:

If Java is absent it can't be exploited.

If Java is absent it can’t be exploited.

But if your installed version of Java is vulnerable to the latest zero-day exploits, you’ll see the following warning instead:

Your Java version is vulnerable: Look Out!

Your Java version is vulnerable: Look Out!

What to do if one or more machines shows up as vulnerable? Turn off Java is the safest and simplest response. Instructions for all major browsers are posted on the KrebsOnSecurity site associated with metasploit. This is a bona-fide zero day exploit folks, and may require immediate action!

Note: After a heckuva hullaballo, Oracle posted Version 7 Update 7 for Java today (8/30/2012) and it fixes all of the vulnerabilities that isjavaexploitable can detect. Visit to update yours immediately! Now, the only open questions are: 1. Have all 19 vulnerabilities that  Polish company Security Explorations reported to Oracle on April 2, 2012, been fixed? and 2. Have the remaining 10 vulnerabilities that they further found and reported after that date been fixed as well? I certainly hope so, but you’ll want to keep an eye on this situation, and read Lucian Constantin’s excellent Computerworld story from August 29 entitled “Oracle knew about zero-day Java vulnerabilities for months, researcher says” for more information, and an explanation as to why I remain to be fully convinced that all the exposures have been handled.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: