0day Java 7 Exploit - is SEP ready for this one?
See this notice posted today: http://blog.beyondtrust.com/java-0day-exploit-oracle-urges-people-to-run-into-burning-building
I'd like to see if anyone from Symantec Corp monitoring can assure me (us) that Sym Endpoint Prot can block or defeat this. It sounds, looks and smells pretty ominous. Extra concern: In the eMail in which this alert was received, the authors also indicate that everyone is going to have to move to Java 7 by the end of Feb. I don't know where they got this from but if true, forcing us to Java 7 then may create even more surface area exposure to this one -if- we're not on top of it.
Is this a genuine threat and does this threat need/deserve attention?
And, how much attention will it get from our malware signature publishers at Symantec?
H
Hello,
Check this BLOG from Symantec Security Response Team on same issue -
Java Zero-Day Dished Up from Cool Exploit Kit
https://www-secure.symantec.com/connect/blogs/java-zero-day-dished-cool-exploit-kit
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
IPS signature within SEP will help to prevent the attack. Check the above blog.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Yes, this helps a lot. This is why we purchase top-quality, industrial strength, commercial grade software. I'll rest a bit easier now.
And, so Java 6 goes bye-bye in Feb (supposedly)...
H
In my opinion:
The Windows environment Java exploit described by DHS can be contained in kind of a "walled garden" using Symantec Endpoint Protection's "Application and Device Control" policy feature.
This is done by first building an execute rule around the JRE EXEs and DLLs, basically telling JRE it cannot execute any applications outside its own shell, or you can specify exactly what apps it can spawn/compile and from where!
Next, build a file/folder write restriction policy that says where & what JRE can write to the disk, registry & memory.
Now write a rule that explicitly states what applications can spawn the JRE.
This is a bit oversimplified but seems to work in other application scenarios we used it to mitigate. I love it.
Gregory Anderson
Symantec Certified specialist - SEP v11.x - v12.x
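
The three containment rules described in the comment above, modelled as a small evaluator over constructed process and file events. This is an added example, not part of the thread and not SEP's own policy format; the allow lists, paths and event fields are assumptions, and only file writes (not registry or memory) are modelled.

```python
from pathlib import PureWindowsPath

# Constructed policy values (assumptions, not SEP defaults or SEP's rule format).
JRE_IMAGES = {"java.exe", "javaw.exe"}
ALLOWED_PARENTS = {"iexplore.exe", "firefox.exe"}      # rule 3: who may spawn the JRE
ALLOWED_CHILDREN = set(JRE_IMAGES)                     # rule 1: what the JRE may spawn
ALLOWED_WRITE_ROOTS = [                                # rule 2: where the JRE may write
    PureWindowsPath(r"C:\Users\alice\AppData\LocalLow\Sun\Java"),
]

def image(path):
    # Matching on file name alone is a simplification; a real rule should
    # pin the full path or a file fingerprint so a renamed binary cannot pass.
    return PureWindowsPath(path).name.lower()

def evaluate(event):
    """Return (verdict, rule) for one constructed process or file event."""
    if event["type"] == "launch":
        parent, child = image(event["parent"]), image(event["child"])
        if parent in JRE_IMAGES and child not in ALLOWED_CHILDREN:
            return ("block", "jre-may-not-spawn")
        if child in JRE_IMAGES and parent not in ALLOWED_PARENTS | JRE_IMAGES:
            return ("block", "parent-may-not-spawn-jre")
    elif event["type"] == "write" and image(event["process"]) in JRE_IMAGES:
        target = PureWindowsPath(event["target"])
        # PureWindowsPath does not collapse "..", so refuse it outright
        # instead of letting a traversal appear to sit under an allowed root.
        inside = ".." not in target.parts and any(
            root in target.parents for root in ALLOWED_WRITE_ROOTS)
        if not inside:
            return ("block", "jre-write-outside-allowed-root")
    return ("allow", None)

JAVA = r"C:\Program Files\Java\jre7\bin\java.exe"  # constructed install path
SAMPLE_EVENTS = [  # constructed for this example
    {"type": "launch", "parent": r"C:\Program Files\Internet Explorer\iexplore.exe", "child": JAVA},
    {"type": "launch", "parent": JAVA, "child": r"C:\Windows\System32\cmd.exe"},
    {"type": "launch", "parent": r"C:\Program Files\Office\WINWORD.EXE", "child": JAVA},
    {"type": "write", "process": JAVA, "target": r"C:\Users\alice\AppData\LocalLow\Sun\Java\Deployment\cache\x.idx"},
    {"type": "write", "process": JAVA, "target": r"C:\Users\alice\AppData\Local\Temp\a.exe"},
    {"type": "write", "process": JAVA, "target": r"C:\Users\alice\AppData\LocalLow\Sun\Java\..\..\..\Local\Temp\a.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(evaluate(ev), ev)
```

Running the same evaluator in log-only mode over real process-creation and file-write telemetry first shows which legitimate Java applications a blocking rule would break.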