BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Java Zero Day Exploit – Java 7 Not the Answer

Posted January 10, 2013    BeyondTrust Research Team

A new Java zero-day vulnerability has been seen exploiting hundreds of thousands of machines. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10. It should be noted that while it only affects version 7, Java 6 users will be forced to automatically upgrade to version 7 in February of this year, which means that even more people will be exposed to this vulnerability than are currently exposed.

Proof of concept code is already publicly available and we expect to see fully functioning exploit code incorporated into even more exploit frameworks within the next few days.

The bug itself allows the attacker to bypass certain security mechanisms in the Java sandbox, elevating the privileges of the attacker on the system, so they can execute any code they want to on the vulnerable system within the context of the current user. This means that if you are currently running with administrator privileges, the attacker’s code will be able to access a huge amount of the system’s resources, compared to if you were running with lower privileges. To mitigate this kind of risk, there are solutions such as PowerBroker for Windows, which help businesses manage desktop privileges.

For the time being, the current mitigation is to disable Java. If you don’t need it, remove it from the system entirely.

BeyondTrust Customers
Those customers who are protected by Retina CS for enterprise threat management or Retina Network for vulnerability scanning, can detect this vulnerability with the following audits:

– 18000 – Oracle Java Security Bypass Remote Code Execution (Zero-Day) – Windows
– 18001 – Oracle Java Security Bypass Remote Code Execution (Zero-Day) – UNIX/Linux

Tags:
, , , , , ,

Leave a Reply

5 Responses to “Java Zero Day Exploit – Java 7 Not the Answer”

  1. Tony

    Sounds like in February Oracle will require us to run into a burning building.

    January 10, 2013 2:59:26, Reply
  2. Java 7 0day actively exploited in the wild | thornstrom blog

    […] Read full blog post at: BeyondTrust […]

    January 10, 2013 3:09:24, Reply
  3. Philip

    What is the CVE for this 0-day?

    January 10, 2013 3:38:38, Reply
  4. raphael

    We are using SIEM solution to validate all the traffic that could come to or from the computers. For zero-day vulnerability, the Proxy & FW are set with advanced rules to blocked all websites except the predefined white-list. Also we have dedicated security team to verify the risks that all the up2date computer could faced.

    January 11, 2013 10:54:54, Reply
  5. Gregory

    In my opinion: The Windows environment Java Exploit describe by DHS and Oracle can be Contained in kind of a walled garden using “Symantec Endpoint protection’s” “Application and device control” policy feature. This is done by first building an execute rule around the JRE exe’s and Dll’s java uses to define its sand box, basically telling JRE it cannot execute any applications out side its own Shell or you can specify exactly what apps java can spawn or compile, and from where!, Next build a file/folder write restriction policy that says where & what JRE can write to the disk, registry & memory. Now write a rule that explicitly states what applications can spawn the JRE. Over simplified, I know but we have done this for other application with simular exploit potential in windows environments

    January 12, 2013 11:08:53, Reply

Additional articles

CyberResiliency

6 things I like about Gartner’s Cyber Resiliency Strategy

Posted August 27, 2015    Nigel Hedges

There were 6 key principles, or recommendations, that Gartner suggested were important drivers towards a great cyber resiliency posture. I commented more than once during the conference that many of these things were not new. They are all important recommendations that are best when placed together and given to senior management and the board – a critical element of organisations that desperately need to “get it”.

Tags:
,
powerbroker-difference-1

Why Customers Choose PowerBroker: Flexible Deployment Options

Posted August 26, 2015    Scott Lang

BeyondTrust commissioned a study of our customer base in early 2015 to determine how we are different from other alternatives in the market. What we learned was that there were six key differentiators that separate BeyondTrust from other solution providers in the market. We call it the PowerBroker difference,

Tags:
, ,
Mac-Security-Enterprise

On Demand Webinar: Security Risk of Mac OS X in the Enterprise

Posted August 20, 2015    BeyondTrust Software

In the last several years, Mac administrators have come to realize that they may be just as vulnerable to exploits and malware as most other operating systems. New malware and adware is released all the time, and there have been serious vulnerabilities patched by Apple in the past several years, some of which may afford attackers full control of your systems.

Tags:
, ,