
0day Java 7 Exploit - is SEP ready for this one?

Created: 10 Jan 2013 • Updated: 11 Jan 2013 | 4 comments

See this notice posted today:

I'd like to see if anyone from Symantec Corp monitoring can assure me (us) that Sym Endpoint Prot can block or defeat this. It sounds, looks and smells pretty ominous. Extra concern: in the email in which this alert was received, the authors also indicate that everyone is going to have to move to Java 7 by the end of Feb. I don't know where they got this from, but if true, forcing us to Java 7 then may create even more surface area exposure to this one -if- we're not on top of it.

Is this a genuine threat and does this threat need/deserve attention?

And, how much attention will it get from our malware signature publishers at Symantec?



Mithun Sanghavi


Check this blog from the Symantec Security Response Team on the same issue:

Java Zero-Day Dished Up from Cool Exploit Kit

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

pete_4u2002

The IPS signature within SEP will help to prevent the attack. Check the above blog.

Herbo

Yes, this helps a lot.  This is why we purchase top-quality, industrial strength, commercial grade software.  I'll rest a bit easier now.

And, so Java 6 goes bye-bye in Feb (supposedly)...


Topa 101

In my opinion:

The Windows environment Java exploit described by DHS can be contained in a kind of "walled garden" using Symantec Endpoint Protection's "Application and Device Control" policy feature.

This is done by first building an execute rule around the JRE EXEs and DLLs, basically telling the JRE it cannot execute any applications outside its own shell, or you can specify exactly what apps it can spawn/compile and from where!

Next, build a file/folder write restriction policy that says where and what the JRE can write to the disk, registry and memory.

Now write a rule that explicitly states what applications can spawn the JRE.

This is a bit oversimplified but seems to work in other application scenarios we used it to mitigate. I love it.

Gregory A Anderson

Symantec Certified specialist - SEP v11.x - v12.1.x

Symantec DLP 12.x Boot Camp survivor
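
The three rules described in the comment above (what the JRE may execute, where it may write, and what may start it) can be modelled as allowlist checks over endpoint events. This is an added example, not code from the thread and not SEP's policy format; the paths, allowlists and event fields are constructed assumptions, and only process and file events are covered.

```python
import ntpath

# Hypothetical allowlists modelling the three rules; constructed values, not SEP defaults.
JRE_HOME = r"C:\Program Files\Java\jre7"
JRE_IMAGES = {"java.exe", "javaw.exe"}
ALLOWED_PARENTS = {"iexplore.exe", "firefox.exe"}
ALLOWED_WRITE_DIRS = [r"C:\Users\alice\AppData\LocalLow\Sun\Java"]

def norm(path):
    # Collapse "..", unify separators and case so comparisons cannot be dodged.
    return ntpath.normcase(ntpath.normpath(path))

def under(path, root):
    # Match on a separator boundary so "jre7-x" is not treated as "jre7".
    p, r = norm(path), norm(root)
    return p == r or p.startswith(r + "\\")

def is_jre(image):
    return under(image, JRE_HOME) and ntpath.basename(norm(image)) in JRE_IMAGES

def check(ev):
    """Return the name of the violated rule, or None if the event is allowed."""
    if ev["type"] == "process_create":
        parent, child = ev["parent"], ev["image"]
        if is_jre(parent) and not under(child, JRE_HOME):
            return "jre-spawned-external-process"      # execute rule
        if (is_jre(child) and not is_jre(parent)
                and ntpath.basename(norm(parent)) not in ALLOWED_PARENTS):
            return "unexpected-jre-parent"             # who may start the JRE
    elif ev["type"] == "file_write" and is_jre(ev["image"]):
        if not any(under(ev["target"], d) for d in ALLOWED_WRITE_DIRS):
            return "jre-write-outside-allowed-dirs"    # write restriction
    return None

JAVA = JRE_HOME + r"\bin\java.exe"
EVENTS = [  # constructed sample events
    {"type": "process_create", "parent": r"C:\Program Files\Internet Explorer\iexplore.exe", "image": JAVA},
    {"type": "process_create", "parent": JAVA, "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "process_create", "parent": JAVA, "image": JRE_HOME + r"\bin\..\..\jre7-x\a.exe"},
    {"type": "file_write", "image": JAVA, "target": r"C:\Users\alice\AppData\Local\Temp\a.tmp"},
    {"type": "file_write", "image": JAVA, "target": r"c:/users/alice/appdata/locallow/sun/java/cache/1.idx"},
    {"type": "process_create", "parent": r"C:\Program Files\Office\winword.exe", "image": JAVA},
]

def audit(events):
    return [check(ev) for ev in events]

if __name__ == "__main__":
    for ev, verdict in zip(EVENTS, audit(EVENTS)):
        print(verdict or "allowed", ev)
```

Running the same checks in report-only mode against real process and file telemetry before enforcing them shows which legitimate Java applications the rules would break.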