Java Flaw Being Exploited Thanks to Hacker Toolkit

The BlackHole kit, a popular exploit set among hackers, has been updated to take advantage of a recently discovered Java hole that security researchers say many users have not yet patched.

The Java exploit allows attackers to bypass the Java Runtime Environment's sandbox to install malicious code remotely. Microsoft reported last week that it had observed this vulnerability being exploited in the wild.

Microsoft also tested how easily the vulnerability could be exploited. It successfully bypassed the Java sandbox and installed the ZeuS Trojan on a test machine.

Cyber security blogger Brian Krebs said the exploit was spotted in the BlackHole kit shortly after Microsoft's tests were made public.

"According to posts on several underground carding forums, the exploit has now been automatically rolled out to miscreants armed with BlackHole, by far the most widely used exploit pack," Krebs wrote in a blog post.

The newest Java patch, released February 15, protects users from this exploit. However, Marcus Carey, security researcher for Rapid7, estimates that a majority of Java users have yet to upgrade.

"Rapid7 researched the typical patch cycle for Java and identified a telling pattern of behavior," said Carey. "We found that during the first month after a Java patch is released, adoption is less than 10 percent. After two months, approximately 20 percent have applied patches, and after three months, we found that more than 30 percent are patched. We determined that the highest patch rate last year was 38 percent, with Java Version 6 Update 26, three months after its release."

Based on Rapid7's observations, only around 10 percent of users are estimated to be running the newest Java version.

Those who have not patched to the latest version of Java are advised to do so as soon as possible. The update, including additional information on the patch, can be found here.
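The practical question behind the patch-rate figures above is whether a given machine, or a fleet, is actually on a fixed build. As an added example that is not from the article, Microsoft, Rapid7 or Oracle, the following Python parses JRE version strings (the `1.6.0_26` form quoted in the article, or the first line of `java -version` output) into numerically comparable tuples and flags installs below a required level. The article does not name the fixed release, so `REQUIRED_VERSION` is a placeholder to be set to the real patched build, and the host inventory is constructed sample data.

```python
import re
import subprocess

# PLACEHOLDER: the article does not state the patched build number.
# Replace with the actual fixed release before using this in practice.
REQUIRED_VERSION = "1.6.0_99"

# Matches 1.6.0_26 or "1.6.0_26" (quoted, as java -version prints it);
# the _update suffix is optional because some builds omit it.
_VERSION_RE = re.compile(r'"?(\d+)\.(\d+)\.(\d+)(?:_(\d+))?"?')


def parse_java_version(text):
    """Return (major, minor, micro, update) as ints from a version string or
    from raw `java -version` output. Integer tuples compare correctly, whereas
    plain string comparison would rank 1.6.0_7 above 1.6.0_31."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no Java version found in %r" % text)
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def is_patched(installed, required=REQUIRED_VERSION):
    """True if the installed build is at or above the required build."""
    return parse_java_version(installed) >= parse_java_version(required)


def unpatched_hosts(inventory, required=REQUIRED_VERSION):
    """Given {hostname: version string}, return the sorted list of hosts that
    still run a build below `required`. Hosts whose version string cannot be
    parsed are included, since an unknown build cannot be assumed safe."""
    behind = []
    for host, version in inventory.items():
        try:
            if not is_patched(version, required):
                behind.append(host)
        except ValueError:
            behind.append(host)
    return sorted(behind)


def installed_java_version():
    """Run `java -version` on this machine and return its raw output, or None
    if no Java runtime is on PATH. The JVM writes this banner to stderr."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return proc.stderr or proc.stdout or None


# Constructed sample: what `java -version` prints for an old Java 6 build.
SAMPLE_JAVA_OUTPUT = (
    'java version "1.6.0_26"\n'
    'Java(TM) SE Runtime Environment (build 1.6.0_26-b03)\n'
    'Java HotSpot(TM) Client VM (build 20.1-b02, mixed mode)\n'
)

# Constructed sample inventory of hostnames and reported JRE versions.
SAMPLE_INVENTORY = {
    "ws-01": "1.6.0_26",
    "ws-02": "1.6.0_99",
    "ws-03": "1.7.0",
    "ws-04": "1.6.0_7",
    "ws-05": "unknown",
}


if __name__ == "__main__":
    print("hosts below %s: %s" % (REQUIRED_VERSION,
                                  unpatched_hosts(SAMPLE_INVENTORY)))
    local = installed_java_version()
    if local is None:
        print("no Java runtime found on PATH")
    else:
        print("local JRE patched:", is_patched(local))
```

Run it as a script to check the local JRE, or feed `unpatched_hosts` the version strings collected from an inventory tool. The numeric tuple comparison is the part worth keeping: update numbers beyond 9 break naive string ordering, which is an easy way to misreport a fleet as patched.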

About the Author

Chris Paoli is the site producer for and
