
Published on Wednesday, 30 January 2013

Delta Security Advisory - Java Vulnerability


Welcome to the Delta Advisory. It notifies you of important issues you need to know about to protect your systems, so please read the following.

Recent vulnerabilities have been found in Java. These present a significant risk of zero-day attacks, which are hard to protect against, so we recommend patching your systems as soon as possible.

Where possible, we recommend disabling Java entirely to mitigate this risk. Where this is not possible, apply the following updates as soon as possible, depending on the version being run.

  • Java Runtime Environment 6.0 Update 38
  • Java Runtime Environment 7.0 Update 11
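
An added example (not part of Delta's advisory or Oracle's alert): a check of captured `java -version` output against the two update levels listed above. The function names and sample host data are constructed for illustration, and it assumes the legacy `1.<major>.0_<update>` version string that Java 6 and 7 print.

```python
import re

# Minimum update level per Java major version, taken from the advisory's list.
BASELINE = {6: 38, 7: 11}

# Legacy version string printed by `java -version` on Java 6/7,
# e.g.  java version "1.7.0_10"  (a missing "_NN" suffix means update 0).
_VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')


def parse_java_version(text):
    """Return (major, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def assess(text):
    """Classify one host's `java -version` output against the baseline."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unknown"        # no recognisable version string: check by hand
    major, update = parsed
    if major not in BASELINE:
        return "not-listed"     # the advisory names no update for this major
    return "patched" if update >= BASELINE[major] else "needs-update"


def report(inventory):
    """Map host -> status for a dict of host -> captured output."""
    return {host: assess(out) for host, out in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory: host names and outputs are made up.
    sample = {
        "desk-01": 'java version "1.7.0_10"\nJava(TM) SE Runtime Environment',
        "desk-02": 'java version "1.7.0_11"',
        "desk-03": 'java version "1.6.0_38-b05"',
        "desk-04": 'java version "1.5.0_22"',
        "desk-05": "'java' is not recognized as an internal or external command",
    }
    for host, status in sorted(report(sample).items()):
        print(f"{host:10} {status}")
```

Hosts reported as `unknown` or `not-listed` still need a manual check, since the advisory's list covers only Java 6 and 7.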

If you are unsure whether you have applied this update, or would like help in doing so, please let us know.

Note: If DELTA already patches your systems, then we have done this for you unless we have been instructed otherwise, or we will be in contact shortly to arrange deployment of this patch.

The DELTA team is also monitoring industry updates on this threat and has stepped up its vulnerability assessments to assist in mitigating threats associated with this vulnerability.

As more information becomes available, rest assured we will add the footprint analysis of these known exploits to our monitoring system for early detection of signs that may indicate a worm or other malicious activity.

For further information about this threat please click the following link or read the excerpt below

Or contact us on 0800 335 828

Kind Regards,
The Delta Team

Oracle Security Alert for CVE-2013-0422

This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.

The fixes in this Alert include a change to the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.

These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.

Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2013-0422 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.





Author: SuperUser Account

Categories: Library, Patching Advisory, Security Advisory

