Saturday, January 12, 2013

For many businesses, disabling Java to guard against a zero-day attack is easier said than done. The consequences of falling victim to an exploit are high -- but the consequences of losing Java functionality can be high as well. "This means a tremendous disruption to your company's operations," noted A.N. Ananth, CEO of EventTracker.
 

The U.S. Department of Homeland Security is urging computer users to disable or uninstall Java due to a serious flaw in Java Runtime Environment (JRE) 7.

The DHS' Computer Emergency Readiness Team warned Thursday evening that the flaw was being exploited in the wild and could allow an attacker to execute arbitrary code on vulnerable systems.

CERT recommended that Java be disabled in Web browsers. It pointed users to the Solution section of the US-CERT Alert and to the Oracle Technical Note "Setting the Security Level of the Java Client" for information on how to do that.


Another Zero-Day Alarm

The warning is bad news for Java, which has been the target of more than its fair share of zero-day exploits.

"I've said it before and I'll say it again; if you don't need Java, disable it," Andrew Storms, director of security operations for nCircle, told TechNewsWorld.

"It's a drive-by bug, so little user interaction is necessary, and people won't even know they've been attacked until it's too late," he explained. "Although current attacks are focused on Windows, this bug isn't operating system specific, so no one will be safe for long -- especially since major exploit kits now include attacks."

The potential consequences of an exploit are high, noted Tyler Shields, senior security researcher at Veracode.
