Endpoint Protection

 View Only
  • 1.  Oracle releases Java 7 update 11 for zero-day flaw

    Posted Jan 16, 2013 08:49 AM

    Does Symatec has detection and cure for this vulnerability. If yes, can anyone share the details.
     



  • 2.  RE: Oracle releases Java 7 update 11 for zero-day flaw

    Posted Jan 16, 2013 08:49 AM

    Yes, check this thread:

    https://www-secure.symantec.com/connect/forums/0day-java-7-exploit-sep-ready-one

    Here is the Symantec Security Response blog posts in regards to it:

    http://www.symantec.com/connect/blogs/java-zero-day-dished-cool-exploit-kit

    https://www-secure.symantec.com/connect/blogs/additional-protection-recent-java-zero-day

    So as long as your defs are up to date, you are protected.



  • 3.  RE: Oracle releases Java 7 update 11 for zero-day flaw



  • 4.  RE: Oracle releases Java 7 update 11 for zero-day flaw

    Trusted Advisor
    Posted Jan 16, 2013 09:00 AM

    Hello,

    Java Zero-Day Exploit (CVE-2013-0422) is being detected by Symantec Intrusion Prevention.

    Symantec has the following IPS signatures in place that specifically protect against the Cool Exploit Kit:

    Web Attack: Cool Exploit Kit Website - www.symantec.com/security_response/attacksignatures/detail.jsp

    Web Attack: Cool Exploit Kit PDF Download - www.symantec.com/security_response/attacksignatures/detail.jsp

    You may also like to check this Latest Symantec Article on the same issue -

    Java Zero-Day Exploit (CVE-2013-0422)

    http://www.symantec.com/docs/TECH201601

    and these Latest Symantec BLOG's

    Java Zero-Day Dished Up from Cool Exploit Kit

    http://www.symantec.com/connect/blogs/java-zero-day-dished-cool-exploit-kit

    Additional Protection for Recent Java Zero-Day

    http://www.symantec.com/connect/blogs/additional-protection-recent-java-zero-day

    On January 13, 2012, Oracle has released the patch found on -

    http://www.oracle.com/technetwork/java/javase/downloads/index.html

    and

    Symantec strongly urges all users of Java to download and install this patch as soon as possible.

    Oracle has also provided a blog for further details on the vulnerability.

    https://blogs.oracle.com/security/entry/security_alert_for_cve_2013

    I am sure the above information would assist you to Answer your question.



  • 5.  RE: Oracle releases Java 7 update 11 for zero-day flaw

    Posted Apr 26, 2013 07:22 AM

    This new Secureity Response blog post will be of interest to followers of this thread:

    2013 First Quarter Zero-Day Vulnerabilities
    https://www-secure.symantec.com/connect/blogs/2013-first-quarter-zero-day-vulnerabilities

    ...

    Symantec recommends users to follow these best security practices:

    • Ensure all applications are up to date with the latest security patches. Even though a zero-day exploit cannot be patched, the latest updates will provide protection from previously disclosed vulnerabilities.
    • Ensure antivirus and IPS definitions are up-to-date.
    • Avoid visiting sites of questionable integrity.
    • Avoid opening files provided by untrusted sources.
    • Implement multiple redundant layers of security such as non-executable and randomly mapped memory segments that may hinder an attacker's ability to exploit vulnerabilities.