
Experts Suggest Disabling Java after Zero-Day Flaw Discovery

Security firm FireEye released information yesterday on a Java flaw that has been seen in targeted attacks in the wild, and has been tested to work on most major Web browsers for both Mac and PC.

According to researchers, all versions of Java (including the Java 7 Update 6) are susceptible to attack, and can lead to the installation of malware on a system.

The hole is due to an issue in how the "setSecurityManager()" function in Java is called. Attackers can exploit this issue to set their own privileges on a targeted system, allowing the downloading and execution of malicious software.

"A successful exploit attempt can result in a dropper (Dropper.MsPMs) getting installed on infected systems," said FireEye in a blog post. "The dropper executable is located on the same server."

Security experts have found that a variant of the Poison Ivy Trojan has been used in the targeted attacks. The exploit is said to have come from an IP address of a Chinese Web site, with the malware currently connected to a Singapore command and control server.

While the handful of attacks seen in the wild have come from this Chinese IP address, researchers are warning that, due to the relative ease of exploiting this hole and a proof-of-concept exploit being published online last night, users should be on the lookout for similar attacks in the near future.

"The number of these attacks has been relatively low, but it is likely to increase due to the fact that this is a fast and reliable exploit that can be used in drive-by attacks and all kinds of links in emails," wrote security researchers Andre' M. DiMino and Mila Parkour in a blog post.

While Oracle has not released a statement on when an update will be available, security experts are suggesting that users temporarily disable the Java plugin.

"IT administrators' only defense at the moment is to limit the use to Java," said Wolfgang Kandek, CTO of security firm Qualys, Inc. "This can be implemented by uninstalling Java where not needed or by using the Zone mechanism in Internet Explorer, forbidding Java use in the Internet Zone (setting Registry Key 1C00 to 0 in Zone 3) and allowing it only on whitelisted websites in the Trusted Zone."
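The Zone 3 setting Kandek describes can be audited and applied with PowerShell. The script below is an added example, not part of the original article or of Qualys guidance; it assumes the standard Internet Explorer zone registry locations, and the `-Enforce` switch is a name chosen for this example.

```powershell
# Added example: audit (and optionally enforce) "Java permissions", value 1C00,
# for the Internet Zone (Zone 3). 1C00 = 0 disables Java in that zone.
# Writing under HKLM requires an elevated session.
param([switch]$Enforce)   # hypothetical switch: without it the script only reports

$DisableJava = 0
$ZoneKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    # Group Policy can set the same value under the Policies hives.
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

$report = foreach ($key in $ZoneKeys) {
    $exists  = Test-Path $key
    $current = $null
    if ($exists) {
        $current = (Get-ItemProperty -Path $key -Name '1C00' -ErrorAction SilentlyContinue).'1C00'
    }

    # Policy keys are only corrected if they already exist, so the script
    # never creates a GPO-managed key on its own.
    $isPolicy = $key -like '*\Policies\*'
    if ($Enforce -and $current -ne $DisableJava -and ($exists -or -not $isPolicy)) {
        if (-not $exists) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name '1C00' -PropertyType DWord `
            -Value $DisableJava -Force | Out-Null
        $current = $DisableJava
    }

    [pscustomobject]@{
        Key          = $key
        Value1C00    = if ($null -eq $current) { 'not set' } else { '0x{0:X8}' -f $current }
        JavaDisabled = ($current -eq $DisableJava)
    }
}

$report | Format-Table -AutoSize
```

Run it without `-Enforce` first to see which hives leave Java enabled for the Internet Zone; a non-zero value in a Policies hive should be corrected in the Group Policy that sets it.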

For those who must use Java, an unofficial patch can be found here.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
