
Java Critical Flaw

Created: 27 Aug 2012 • Updated: 05 Sep 2012 | 13 comments
This issue has been solved. See solution.

Hello, has Symantec addressed this? Is this something that SEP can assist with or block?

http://arstechnica.com/security/2012/08/critical-flaw-under-active-attack-prompts-calls-to-disable-java/


.Brian

Nothing yet.

I would expect something soon though. You can disable Java in the browser and block the domain.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

_mtquery

Can this or anything be done through SEP? I don't want to have to disable Java on thousands of endpoints or explain to users how to do it and why they need to do it.

.Brian

You would need to create an ADC policy to essentially block Java from loading.


Mithun Sanghavi

Hello,

Symantec is now Detecting this Threat as Java.Awetook.

http://www.symantec.com/security_response/writeup.jsp?docid=2012-082715-0841-99&om_rssid=sr-latestthreats30days

Java.Awetook exploits a zero-day vulnerability in the Java Runtime Environment (JRE) to escalate its privileges in order to download and run a malicious payload on the compromised computer.

Here is the Latest BLOG from Symantec Security Response Team.

New Java Zero-Day Vulnerability (CVE-2012-4681)

https://www-secure.symantec.com/connect/blogs/new-java-zero-day-vulnerability-cve-2012-4681

Here are a few Symantec BLOGs in respect to JAVA in the past 2 weeks.

CVE-2012-1535: Adobe Flash Player Vulnerability Exploited with Multiple Emails

https://www-secure.symantec.com/connect/blogs/cve-2012-1535-adobe-flash-player-vulnerability-exploited-multiple-emails

Exploitation of Java Vulnerabilities

https://www-secure.symantec.com/connect/blogs/exploitation-java-vulnerabilities

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
cus000

Well, can't blame Symantec and other AV vendors because Oracle only updates quarterly and they rate this as low priority...

 

lol

.Brian

And the real kicker was Oracle was informed of these in April

 


cus000

Saw a few articles saying Oracle already knew about this flaw being possibly exploited... seems they won't patch until somebody moans about it ;)

Also the bug hunters said the out-of-band patch is also flawed.....

 

http://securitywatch.pcmag.com/none/302218-oracle-...

http://reviews.cnet.com/8301-13727_7-57504640-263/...

 

 

Mithun Sanghavi

Hello,

Followers of this Thread may be interested in:

Latest BLOG from Symantec Security Response Team.

New Java Zero-Day Vulnerability (CVE-2012-4681)

http://bit.ly/TnYqSq

and now, Symantec has added detection of Trojan.Maljava!gen24 to its list.

Trojan.Maljava!gen24 is a heuristic detection used to detect threats associated with the Trojan.Maljava and Java.Awetook families.

http://bit.ly/PNOUKa

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


cus000

For Oracle Java SE Critical Patch Updates, the next three dates are:

  • 16 October 2012
  • 19 February 2013
  • 18 June 2013

 

 

 

http://www.oracle.com/technetwork/topics/security/...

 

Mick2009

New Security Response blog about this: interesting........

Java Zero-Day Used in Targeted Attack Campaign
 https://www-secure.symantec.com/connect/blogs/java-zero-day-used-targeted-attack-campaign

With thanks and best regards,

Mick

John Santana

Yes, I wonder if these exploits can be audited and prevented with the current SEPM v 12.1 RU1 MP1.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Mithun Sanghavi

Hello,

Here is the Latest BLOG added in reference to the Java 0-day:

Java 0-Day Coverage

http://bit.ly/NHJhid

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


John Santana

Thanks all!

Kind regards,

John Santana
IT Professional
