Even if your computer has all Microsoft Security Updates installed, have you checked for updates to third-party software recently? An important update you may have missed was Oracle update 20 for Java SE JDK 6 and Java SE JRE 6.According to the MMPC Blog report:
"Infection can occur when a user visits a webpage that hosts a malicious Java applet. If the user’s browser runs a vulnerable version of the Java Runtime Environment (up to version 6 update 18), exploitation may be successful and malware may be installed."Microsoft is detecting malicious applets that exploit this vulnerability. The current version of Java is SE JRE 6 Update 21.
The first step is to check the Java Version installed: http://www.java.com/en/download/help/testvm.xml. (Edit Note: Link corrected. Thanks, Gof.)
Next, download the update: Java SE Runtime Environment 6u21
Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.Please check add/remove programs to ensure that you have uninstalled all prior (and vulnerable) versions of SunJava.
References:
- CVE - CVE-2010-0094
- MMPC Blog: Unruy downloader uses CVE-2010-0094 Java vulnerability
- National Vulnerability Database (NVD): National Vulnerability Database (CVE-2010-0094)
Clubhouse Tags: Clubhouse, Security, Vulnerabilities, Updates, Java
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
2 comments:
Hello, :)
This ling seems better to check the Java Version installed : http://www.java.com/en/download/help/testvm.xml
Thank you. Link corrected.
Post a Comment