Security in Context: The BeyondTrust Blog

Java Zero Day Exploit – Java 7 Not the Answer

Posted January 10, 2013    BeyondTrust Research Team

A new Java zero-day vulnerability is being exploited on hundreds of thousands of machines. This 0day has already been incorporated into the Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. The vulnerability affects Java 7 versions up to and including the current release, 7u10. It should be noted that while it only affects version 7, Java 6 users will be forced to automatically upgrade to version 7 in February of this year, which means that even more people will be exposed to this vulnerability than are currently exposed.

Proof of concept code is already publicly available and we expect to see fully functioning exploit code incorporated into even more exploit frameworks within the next few days.

The bug itself allows the attacker to bypass certain security mechanisms in the Java sandbox, elevating the attacker's privileges on the system so they can execute any code they want on the vulnerable system in the context of the current user. This means that if you are running with administrator privileges, the attacker's code will be able to access far more of the system's resources than if you were running with lower privileges. To mitigate this kind of risk, there are solutions such as PowerBroker for Windows, which help businesses manage desktop privileges.

For the time being, the current mitigation is to disable Java. If you don’t need it, remove it from the system entirely.
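As an added example (not code from the original post), the following Python parses the banner that `java -version` prints and flags an install that falls in the range the post describes, Java 7 at update 10 or earlier; it assumes the `1.x` banner format of that era and a `java` executable on the PATH, and the sample banners in it are constructed.

```python
import re
import subprocess
from typing import Optional, Tuple

# Affected range stated in the post: Java 7 from update 0 up to and including 7u10.
LAST_AFFECTED_UPDATE = 10
# Matches the 1.x banner format of that era, e.g. 'java version "1.7.0_10"'.
# Assumption: newer "11.0.2"-style banners are out of scope and return None.
VERSION_RE = re.compile(r'(?:java|openjdk) version "1\.(\d+)\.\d+(?:_(\d+))?')

def parse_java_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) from `java -version` output, e.g. '1.7.0_10' -> (7, 10)."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    update = int(m.group(2)) if m.group(2) else 0
    return int(m.group(1)), update

def is_affected(banner: str) -> bool:
    """True only for Java 7 at update 10 or earlier; Java 6 and 7u11+ report False."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return False
    major, update = parsed
    return major == 7 and update <= LAST_AFFECTED_UPDATE

def classify(banner: str) -> str:
    """Human-readable verdict for one banner string."""
    if not banner.strip():
        return "not installed"
    first = banner.strip().splitlines()[0]
    return ("AFFECTED: " if is_affected(banner) else "not affected: ") + first

def check_local_java(java_cmd: str = "java") -> str:
    """Run `java -version` (its banner goes to stderr) and classify the result."""
    try:
        proc = subprocess.run([java_cmd, "-version"], capture_output=True,
                              text=True, timeout=15)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return "not installed"
    return classify(proc.stderr or proc.stdout)

if __name__ == "__main__":
    # Constructed sample banners (not real scan output) to show the verdicts.
    for sample in ('java version "1.7.0_10"', 'java version "1.7.0_11"',
                   'java version "1.6.0_38"'):
        print(classify(sample))
    print(check_local_java())
```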

BeyondTrust Customers
Those customers who are protected by Retina CS for enterprise threat management or Retina Network for vulnerability scanning can detect this vulnerability with the following audits:

- 18000 – Oracle Java Security Bypass Remote Code Execution (Zero-Day) – Windows
- 18001 – Oracle Java Security Bypass Remote Code Execution (Zero-Day) – UNIX/Linux


5 Responses to “Java Zero Day Exploit – Java 7 Not the Answer”

  1. Tony

    Sounds like in February Oracle will require us to run into a burning building.

    January 10, 2013 2:59:26
  2. Java 7 0day actively exploited in the wild | thornstrom blog

    [...] Read full blog post at: BeyondTrust [...]

    January 10, 2013 3:09:24
  3. Philip

    What is the CVE for this 0-day?

    January 10, 2013 3:38:38
  4. raphael

    We are using a SIEM solution to validate all the traffic that could come to or from the computers. For zero-day vulnerabilities, the proxy & FW are set with advanced rules to block all websites except the predefined white-list. Also we have a dedicated security team to verify the risks that all the up-to-date computers could face.

    January 11, 2013 10:54:54
  5. Gregory

    In my opinion: The Windows environment Java exploit described by DHS and Oracle can be contained in a kind of walled garden using Symantec Endpoint Protection's "Application and device control" policy feature. This is done by first building an execute rule around the JRE exe's and DLLs Java uses to define its sandbox, basically telling the JRE it cannot execute any applications outside its own shell, or you can specify exactly what apps Java can spawn or compile, and from where! Next, build a file/folder write restriction policy that says where & what the JRE can write to on the disk, registry & memory. Now write a rule that explicitly states what applications can spawn the JRE. Oversimplified, I know, but we have done this for other applications with similar exploit potential in Windows environments.

    January 12, 2013 11:08:53
