A Tidal Wave of Java Flaw Exploitation

tsu doh nimh writes "Microsoft warned today that it is witnessing a huge spike in the exploitation of Java vulnerabilities on the Windows platform, and that attacks on Java security holes now far outpace the exploitation of Adobe PDF bugs. The Microsoft announcement cites research by blogger Brian Krebs, who has been warning for several months that Java vulnerabilities are showing up as the top moneymakers for those peddling commercial crimeware exploitation kits, such as Eleonore, Crimepack and SEO Sploit Pack." Several days ago, Oracle released a patch that fixed 29 Java security flaws.

Nervous

[Konster]

Seeing Oracle and Java all in the same sentence gives me a nervous tick...the same nervous tick that I developed when I read MS was in talks to acquire Adobe.

Re:Nervous

[MrEricSir]

Just wait until you hear the news that Larry Ellison is buying Linus Torvalds.

This article speaks the truth

[gman003]

I'm still in the process of repairing my Windows system after a Java-transmitted virus. A hacked website was sending out malware to visitors via Java applet, and the only solution I found was a format/reinstall. Since then, I've disabled Java on all my machines; the only things I've seen it used for are crappy browser games and malware.

Re:Patches have been available for a long time

I've run out of space in my head for all the different tools I need to seperately manage updates for.

Sounds like you need a computer.

Re:JVM on Windows?

[MrEricSir]

Yeah, they should have used ActiveX, right?

Re:Patches have been available for a long time

[Ant+P.]

I guess Windows isn't ready for the desktop.

Re:JRE's no mere ranger.

[Haeleth]

Here in the Enterprise(tm) world, we generally tend to, y'know, test shit thoroughly before launching/updating it.

Indeed. Most of the Enterprise(tm) world is probably completely safe from these attacks. At least till 2027 when they upgrade to the vulnerable versions.