ビデオヘルプ

Java Critical Flaw

作成: 27 Aug 2012 • 更新: 05 Sep 2012 | コメント数: 13
この問題は解決されました。 ソリューションを参照してください。

Hello, has Symantec address this? Is this something that SEP can assist with or block?

http://arstechnica.com/security/2012/08/critical-flaw-under-active-attack-prompts-calls-to-disable-java/

コメント コメント数: 13最新のコメントを表示

Brɨan の写真

Nothing yet.

I would expect something soon though. You can disable java in the browser and block the domain.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

_mtquery の写真

Can this or anything be done through SEP? I don't want to have to disable java on thousands of endpoints or explain to users how to do it and why they need to do it.

Brɨan の写真

You would need to create an ADC policy to essentially block java from loading.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi の写真

Hello,

Symantec is now Detecting this Threat as Java.Awetook.

http://www.symantec.com/security_response/writeup.jsp?docid=2012-082715-0841-99&om_rssid=sr-latestthreats30days

Java.Awetook exploits a zero-day vulnerability in the Java Runtime Environment (JRE) to escalate its privileges in order to download and run a malicious payload on the compromised computer.

Here is the Latest BLOG from Symantec Security Response Team.

New Java Zero-Day Vulnerability (CVE-2012-4681)

https://www-secure.symantec.com/connect/blogs/new-java-zero-day-vulnerability-cve-2012-4681

Here are Few Symantec BLOGs in respect to JAVA in the past 2 weeks.

CVE-2012-1535: Adobe Flash Player Vulnerability Exploited with Multiple Emails

https://www-secure.symantec.com/connect/blogs/cve-2012-1535-adobe-flash-player-vulnerability-exploited-multiple-emails

Exploitation of Java Vulnerabilities

https://www-secure.symantec.com/connect/blogs/exploitation-java-vulnerabilities

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ソリューション
cus000 の写真

Well can't blame Symantec and other AV vendor because Oracle only update quarterly and they rate this as low priority...

lol

Brɨan の写真

And the real kicker was Oracle was informed of these in April

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

cus000 の写真

Saw few articles saying Oracle already knew about this flaw being possibly exploited... seems they won't patch until somebody moan about it ;)

Also the bug hunters said the out-of-band patch also flawed.....

http://securitywatch.pcmag.com/none/302218-oracle-...

http://reviews.cnet.com/8301-13727_7-57504640-263/...

Mithun Sanghavi の写真

Hello,

Followers of this Thread may be interested in:

Latest BLOG from Symantec Security Response Team.

New Java Zero-Day Vulnerability (CVE-2012-4681)

http://bit.ly/TnYqSq

and now, Symantec has added detection of Trojan.Maljava!gen24 to it's List.

Trojan.Maljava!gen24 is a heuristic detection used to detect threats associated with the Trojan.Maljava and Java.Awetook families.

http://bit.ly/PNOUKa

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

cus000 の写真

For Oracle Java SE Critical Patch Updates, the next three dates are:

  • 16 October 2012
  • 19 February 2013
  • 18 June 2013

http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Mick2009 の写真

New Security Response blog about this: interesting........

Java Zero-Day Used in Targeted Attack Campaign
 https://www-secure.symantec.com/connect/blogs/java-zero-day-used-targeted-attack-campaign

With thanks and best regards,

Mick

John Santana の写真

Yes, I wonder if this is exploits can be audited and prevented with the current SEPM v 12.1 RU1 MP1

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Mithun Sanghavi の写真

Hello,

Here is the Latest BLOG added in reference to the Java 0-day

Java 0-Day Coverage

http://bit.ly/NHJhid

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

John Santana の写真

Thanks all !

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.