BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Java Zero Day Exploit – Java 7 Not the Answer

Posted January 10, 2013    BeyondTrust Research Team

A new Java zero-day vulnerability has been seen exploiting hundreds of thousands of machines. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10. It should be noted that while it only affects version 7, Java 6 users will be forced to automatically upgrade to version 7 in February of this year, which means that even more people will be exposed to this vulnerability than are currently exposed.

Proof of concept code is already publicly available and we expect to see fully functioning exploit code incorporated into even more exploit frameworks within the next few days.

The bug itself allows the attacker to bypass certain security mechanisms in the Java sandbox, elevating the privileges of the attacker on the system, so they can execute any code they want to on the vulnerable system within the context of the current user. This means that if you are currently running with administrator privileges, the attacker’s code will be able to access a huge amount of the system’s resources, compared to if you were running with lower privileges. To mitigate this kind of risk, there are solutions such as PowerBroker for Windows, which help businesses manage desktop privileges.

For the time being, the current mitigation is to disable Java. If you don’t need it, remove it from the system entirely.

BeyondTrust Customers
Those customers who are protected by Retina CS for enterprise threat management or Retina Network for vulnerability scanning, can detect this vulnerability with the following audits:

– 18000 – Oracle Java Security Bypass Remote Code Execution (Zero-Day) – Windows
– 18001 – Oracle Java Security Bypass Remote Code Execution (Zero-Day) – UNIX/Linux

Tags:
, , , , , ,

Leave a Reply

5 Responses to “Java Zero Day Exploit – Java 7 Not the Answer”

  1. Tony

    Sounds like in February Oracle will require us to run into a burning building.

    January 10, 2013 2:59:26, Reply
  2. Java 7 0day actively exploited in the wild | thornstrom blog

    […] Read full blog post at: BeyondTrust […]

    January 10, 2013 3:09:24, Reply
  3. Philip

    What is the CVE for this 0-day?

    January 10, 2013 3:38:38, Reply
  4. raphael

    We are using SIEM solution to validate all the traffic that could come to or from the computers. For zero-day vulnerability, the Proxy & FW are set with advanced rules to blocked all websites except the predefined white-list. Also we have dedicated security team to verify the risks that all the up2date computer could faced.

    January 11, 2013 10:54:54, Reply
  5. Gregory

    In my opinion: The Windows environment Java Exploit describe by DHS and Oracle can be Contained in kind of a walled garden using “Symantec Endpoint protection’s” “Application and device control” policy feature. This is done by first building an execute rule around the JRE exe’s and Dll’s java uses to define its sand box, basically telling JRE it cannot execute any applications out side its own Shell or you can specify exactly what apps java can spawn or compile, and from where!, Next build a file/folder write restriction policy that says where & what JRE can write to the disk, registry & memory. Now write a rule that explicitly states what applications can spawn the JRE. Over simplified, I know but we have done this for other application with simular exploit potential in windows environments

    January 12, 2013 11:08:53, Reply

Additional articles

Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,