BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Java Zero Day Exploit – Java 7 Not the Answer

Posted January 10, 2013    BeyondTrust Research Team

A new Java zero-day vulnerability has been seen exploiting hundreds of thousands of machines. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10. It should be noted that while it only affects version 7, Java 6 users will be forced to automatically upgrade to version 7 in February of this year, which means that even more people will be exposed to this vulnerability than are currently exposed.

Proof of concept code is already publicly available and we expect to see fully functioning exploit code incorporated into even more exploit frameworks within the next few days.

The bug itself allows the attacker to bypass certain security mechanisms in the Java sandbox, elevating the privileges of the attacker on the system, so they can execute any code they want to on the vulnerable system within the context of the current user. This means that if you are currently running with administrator privileges, the attacker’s code will be able to access a huge amount of the system’s resources, compared to if you were running with lower privileges. To mitigate this kind of risk, there are solutions such as PowerBroker for Windows, which help businesses manage desktop privileges.

For the time being, the current mitigation is to disable Java. If you don’t need it, remove it from the system entirely.

BeyondTrust Customers
Those customers who are protected by Retina CS for enterprise threat management or Retina Network for vulnerability scanning, can detect this vulnerability with the following audits:

– 18000 – Oracle Java Security Bypass Remote Code Execution (Zero-Day) – Windows
– 18001 – Oracle Java Security Bypass Remote Code Execution (Zero-Day) – UNIX/Linux

Tags:
, , , , , ,

Leave a Reply

5 Responses to “Java Zero Day Exploit – Java 7 Not the Answer”

  1. Tony

    Sounds like in February Oracle will require us to run into a burning building.

    January 10, 2013 2:59:26, Reply
  2. Java 7 0day actively exploited in the wild | thornstrom blog

    […] Read full blog post at: BeyondTrust […]

    January 10, 2013 3:09:24, Reply
  3. Philip

    What is the CVE for this 0-day?

    January 10, 2013 3:38:38, Reply
  4. raphael

    We are using SIEM solution to validate all the traffic that could come to or from the computers. For zero-day vulnerability, the Proxy & FW are set with advanced rules to blocked all websites except the predefined white-list. Also we have dedicated security team to verify the risks that all the up2date computer could faced.

    January 11, 2013 10:54:54, Reply
  5. Gregory

    In my opinion: The Windows environment Java Exploit describe by DHS and Oracle can be Contained in kind of a walled garden using “Symantec Endpoint protection’s” “Application and device control” policy feature. This is done by first building an execute rule around the JRE exe’s and Dll’s java uses to define its sand box, basically telling JRE it cannot execute any applications out side its own Shell or you can specify exactly what apps java can spawn or compile, and from where!, Next build a file/folder write restriction policy that says where & what JRE can write to the disk, registry & memory. Now write a rule that explicitly states what applications can spawn the JRE. Over simplified, I know but we have done this for other application with simular exploit potential in windows environments

    January 12, 2013 11:08:53, Reply

Additional articles

{c4eae211-3ca2-4f8e-b2b9-6df0e970aab1}_g.markhardy

The “insider” threat. Is it real, or is it being blown out of proportion?

Posted March 4, 2015    G. Mark Hardy

A lot depends on whether or not you’ve been compromised. And therein lies the problem. Cyber threats are often ignored until they cause some damage, at which point management looks for people to blame and gives all kinds of attention to fixing the problem – until the next crisis in accounting or warehousing or staffing comes along.

Tags:
, , ,
webinar_chalk

Webinar March 4th: Recreating the Carbanak Breach & Techniques for Mitigating Similar Attacks

Posted March 3, 2015    Lindsay Marsh

Join BeyondTrust Research and Development team for an in-depth live webinar that will explore the attack vectors used in the Carbanak Bank Breach and share successful mitigation techniques needed to prevent this type of attack.

Tags:
, ,
VMware Hardening Guidelines-img3

How to Audit VMware ESX and ESXi Servers Against the VMware Hardening Guidelines with Retina CS

Posted February 27, 2015    BeyondTrust Research Team

Retina CS Enterprise Vulnerability Management has included advanced VMware auditing capabilities for some time, including virtual machine discovery and scanning through a cloud connection, plus the ability to scan ESX and ESXi hosts using SSH. However, in response to recent security concerns associated with SSH, VMware has disabled SSH by default in its more recent…

Tags:
, , , ,