Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Java Zero Day Exploit – Java 7 Not the Answer

Posted January 10, 2013    BeyondTrust Research Team

A new Java zero-day vulnerability has been seen exploiting hundreds of thousands of machines. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10. It should be noted that while it only affects version 7, Java 6 users will be forced to automatically upgrade to version 7 in February of this year, which means that even more people will be exposed to this vulnerability than are currently exposed.

Proof of concept code is already publicly available and we expect to see fully functioning exploit code incorporated into even more exploit frameworks within the next few days.

The bug itself allows the attacker to bypass certain security mechanisms in the Java sandbox, elevating the privileges of the attacker on the system, so they can execute any code they want to on the vulnerable system within the context of the current user. This means that if you are currently running with administrator privileges, the attacker’s code will be able to access a huge amount of the system’s resources, compared to if you were running with lower privileges. To mitigate this kind of risk, there are solutions such as PowerBroker for Windows, which help businesses manage desktop privileges.

For the time being, the current mitigation is to disable Java. If you don’t need it, remove it from the system entirely.

BeyondTrust Customers
Those customers who are protected by Retina CS for enterprise threat management or Retina Network for vulnerability scanning, can detect this vulnerability with the following audits:

– 18000 – Oracle Java Security Bypass Remote Code Execution (Zero-Day) – Windows
– 18001 – Oracle Java Security Bypass Remote Code Execution (Zero-Day) – UNIX/Linux

, , , , , ,

Leave a Reply

5 Responses to “Java Zero Day Exploit – Java 7 Not the Answer”

  1. Tony

    Sounds like in February Oracle will require us to run into a burning building.

    January 10, 2013 2:59:26, Reply
  2. Java 7 0day actively exploited in the wild | thornstrom blog

    […] Read full blog post at: BeyondTrust […]

    January 10, 2013 3:09:24, Reply
  3. Philip

    What is the CVE for this 0-day?

    January 10, 2013 3:38:38, Reply
  4. raphael

    We are using SIEM solution to validate all the traffic that could come to or from the computers. For zero-day vulnerability, the Proxy & FW are set with advanced rules to blocked all websites except the predefined white-list. Also we have dedicated security team to verify the risks that all the up2date computer could faced.

    January 11, 2013 10:54:54, Reply
  5. Gregory

    In my opinion: The Windows environment Java Exploit describe by DHS and Oracle can be Contained in kind of a walled garden using “Symantec Endpoint protection’s” “Application and device control” policy feature. This is done by first building an execute rule around the JRE exe’s and Dll’s java uses to define its sand box, basically telling JRE it cannot execute any applications out side its own Shell or you can specify exactly what apps java can spawn or compile, and from where!, Next build a file/folder write restriction policy that says where & what JRE can write to the disk, registry & memory. Now write a rule that explicitly states what applications can spawn the JRE. Over simplified, I know but we have done this for other application with simular exploit potential in windows environments

    January 12, 2013 11:08:53, Reply

Additional articles


Scottrade Breach: Identified by Federal Officials

Posted October 5, 2015    Morey Haber

Late afternoon on October 2nd, news leaked out of another large security breach, now at Scottrade. The identity count of records, in the millions again (4.6 million is the latest). This breach comes on the second day of national CyberSecurity month, the first being Experian/T-Mobile breach.

3d image Data Breach issues concept word cloud background

Experian/T-Mobile Data Breach: When 2 Days is not Enough

Posted October 2, 2015    Morey Haber

On October 1, Experian admitted full responsibility for the loss of T-Mobile customer data. 15 million user records dating back to 2013 were effected in the breach, with data including sensitive information that may be decryptable like social security numbers and drivers licenses.


Who Moved My Front Door? (What is Privileged Account Management?)

Posted October 1, 2015    Nigel Hedges

Not too long ago, I was sitting in a room with a very fluffy sales guy. In between words such as “we’ll make this happen” and “leave it with me, I’ll get it sorted” he asked the question “What is Privileged Account Management”?