Java Flaw Being Exploited Thanks to Hacker Toolkit

The BlackHole kit, a popular exploit set among hackers, has been updated to take advantage of a recently discovered Java hole that security researchers say many users have yet to patch.

The Java exploit allows attackers to bypass the Java Runtime Environment's sandbox platform to install malicious code remotely. Microsoft reported last week that it had observed this vulnerability being exploited in the wild that same week.

Microsoft also tested to see if the vulnerability could easily be exploited. It successfully accessed the Java sandbox mode and installed the ZeuS Trojan on a test machine.  

Cyber security blogger Brian Krebs said the vulnerability was spotted shortly after Microsoft's tests were made public.

"According to posts on several underground carding forums, the exploit has now been automatically rolled out to miscreants armed with BlackHole, by far the most widely used exploit pack," Krebs wrote in a blog post.

The newest patch from Java, which was released February 15, will protect users from this exploit. However, Marcus Carey, security researcher for Rapid7, estimates that a majority of Java users have yet to upgrade.

"Rapid7 researched the typical patch cycle for Java and identified a telling pattern of behavior," said Carey. "We found that during the first month after a Java patch is released, adoption is less than 10 percent. After two months, approximately 20 percent have applied patches and after three months, we found that more than 30 percent are patched. We determined that the highest patch rate last year was 38 percent with Java Version 6 Update 26 3 months after its release."

Based on Rapid7's observations, it is estimated that only around 10 percent of users are running the newest Java version.

It is recommended that those who have not patched to the latest version of Java do so as soon as possible. The update, including additional information on the patch, can be found here.  

About the Author

Chris Paoli is the site producer for and

