New Java Virtual Machine vulnerability

April 2003


BitDefender today warns against a serious vulnerability in the Microsoft Java Virtual Machine

BitDefender, a leading provider of data security solutions and services, today warns against a serious vulnerability in the Microsoft Java Virtual Machine, software installed on most computers running Windows operating systems. The flaw could allow attackers or malicious Internet code to format hard drives or to change data on victims' computers.

"This one is like I-Frame on steroids," says Mihai Chiriac, BitDefender Antivirus Researcher. "If the I-Frame vulnerability is so much used by today's viruses, this is just because it's so usual for most computers. Or Java VM is even more likely to be found on every computer running Windows," Mihai added.

There is no need to say how many computers are using Microsoft operating systems. Apparently, only starting with Windows XP has the Java Virtual Machine become optional; on prior versions of Windows, it installs by default. "Virtually any computer running an unpatched OS could be infected just by viewing a web page or an HTML e-mail message."

BitDefender has today (April 10, 2003, 3 pm GMT) updated its software to generally identify the flaw or malicious code using it. A free antidote will soon be available on the website, at http://www.bitdefender.com.

Users are urged to IMMEDIATELY install the patch against this vulnerability. Microsoft has issued a Security Bulletin (MS03-011) and a patch, available at http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-011.asp.
Most Windows users should just update using the Windows Update feature. Other manual, immediate solutions are listed below.

BitDefender has recently upgraded its home protection suite to version 7. The new BitDefender Standard Edition v. 7, which replaces Home Edition v. 6.5, can be evaluated for free from http://www.bitdefender.com. The list price for BitDefender starts from $29.95, including a free CD.

How to deal with this situation:

The Microsoft virtual machine (Microsoft VM) enables Java programs to run on Windows platforms. The Microsoft VM is included in most versions of Windows and Internet Explorer. When possible, application filters may be used at the firewall to inspect and/or block mobile code.

Java applets can be prevented from running in the Internet Explorer Internet Zone. To do this, follow the instructions below:

  • On the Tools menu, click Internet Options, click the Security tab, and then click Custom Level.
  • In the Settings box, click Disable Java under Java Permissions.
  • Click OK and then click OK again.

Here is a list of the operating systems using the Java Virtual Machine:

  • Microsoft Windows 95
  • Microsoft Windows 98 and 98SE
  • Microsoft Windows Millennium
  • Microsoft Windows NT 4.0, beginning with Service Pack 1
  • Microsoft Windows 2000
  • Microsoft Windows XP

The Microsoft VM is also installed as part of several web browsers.
To check if your system is vulnerable, use the BitDefender tool.