Experts Suggest Disabling Java after Zero-Day Flaw Discovery

Security firm FireEye released information yesterday on a Java flaw that has been seen in targeted attacks in the wild, and has been tested to work on most major Web browsers for both Mac and PC.

According to researchers, all versions of Java (including Java 7 Update 6) are susceptible to attack, and exploitation can lead to the installation of malware on a system.

The hole is due to an issue in how the "setSecurityManager()" function in Java is called. Attackers can exploit this issue to set their own privileges on a targeted system, allowing the downloading and execution of malicious software.

"A successful exploit attempt can result in a dropper (Dropper.MsPMs) getting installed on infected systems," said FireEye in a blog post. "The dropper executable is located on the same server."

Security experts have found that a variant of the Poison Ivy Trojan has been used in the targeted attacks. The exploit is said to have come from an IP address of a Chinese Web site, with the malware currently connected to a Singapore command and control server.

While the handful of attacks seen in the wild have come from this Chinese IP address, researchers are warning users to be on the lookout for similar attacks in the near future, given the relative ease of exploiting this hole and the publication of a proof-of-concept exploit online last night.

"The number of these attacks has been relatively low, but it is likely to increase due to the fact that this is a fast and reliable exploit that can be used in drive-by attacks and all kinds of links in emails," wrote security researchers Andre' M. DiMino and Mila Parkour in a blog post.

While Oracle has not released a statement on when an update will be available, security experts are suggesting that users temporarily disable the Java plugin.

"IT administrators' only defense at the moment is to limit the use to Java," said Wolfgang Kandek, CTO of security firm Qualys, Inc. "This can be implemented by uninstalling Java where not needed or by using the Zone mechanism in Internet Explorer, forbidding Java use in the Internet Zone (setting Registry Key 1C00 to 0 in Zone 3) and allowing it only on whitelisted websites in the Trusted Zone."

For those who must use Java, an unofficial patch can be found here.
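The Internet Explorer zone mitigation quoted above can be audited and applied with a short script. This is an added example, not code from the article, FireEye or Qualys; only the value name 1C00, the data 0 and Zone 3 come from the quote, while the registry paths are the standard Internet Settings zone locations and the `-Enforce` switch is a name chosen here.

```powershell
# Audit the "Java permissions" URL action (1C00) for the Internet Zone (Zone 3)
# and, with -Enforce, set it to 0 (Java disabled) for the current user.
param([switch]$Enforce)

# Standard zone locations (assumed; the article gives only the value and zone).
$zone3    = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$zone3Pol = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$action   = '1C00'   # value name from the quoted mitigation
$disabled = 0        # data from the quoted mitigation

function Get-JavaZoneReport {
    # Check both the Group Policy hives and the preference hives.
    $paths = "HKLM:\$zone3Pol", "HKCU:\$zone3Pol", "HKLM:\$zone3", "HKCU:\$zone3"
    foreach ($p in $paths) {
        $value = $null
        if (Test-Path $p) {
            $item  = Get-ItemProperty -Path $p -Name $action -ErrorAction SilentlyContinue
            $value = $item.$action
        }
        [pscustomobject]@{
            Path   = $p
            Value  = if ($null -eq $value) { '(not set)' } else { '0x{0:X8}' -f $value }
            Status = if ($null -eq $value) { 'not set' }
                     elseif ($value -eq $disabled) { 'Java disabled' }
                     else { 'Java allowed' }
        }
    }
}

if ($Enforce) {
    # Write the per-user preference; values under the Policies hives are
    # managed by Group Policy and should be corrected there instead.
    $target = "HKCU:\$zone3"
    if (-not (Test-Path $target)) { New-Item -Path $target -Force | Out-Null }
    Set-ItemProperty -Path $target -Name $action -Value $disabled -Type DWord
}

$report = @(Get-JavaZoneReport)
$report | Format-Table -AutoSize

# Non-zero exit code lets a management tool flag hosts that still allow Java.
if ($report.Status -contains 'Java allowed') {
    Write-Warning 'Java is still allowed in the Internet Zone in at least one location.'
    exit 1
}
```

Run it without arguments to report only; a location that shows "Java allowed" under a Policies path has to be changed in the Group Policy object that sets it.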

About the Author

Chris Paoli is the site producer for and
