The new Oracle Java arbitrary code execution vulnerability has not only hit many news wires and social media outlets, but many victims as well, and it has been incorporated into several exploit kits. This critical vulnerability, as documented in IntelliShield alert 27845, could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system with the privileges of the user. If the user has administrator privileges, the attacker could completely “own” the system. A fix is currently not available.
Update: Oracle released a software update (JDK7 update 11) that fixes this vulnerability. The update is available on their website. If you disabled Java in the Java Control Panel, you will need to manually re-enable it after installing the patch by using the check box in the Security tab of the Java Control Panel. Oracle’s security advisoryand JDK7 update 11 release notesincludes more information about the patch.
The exploit is now found in several exploit kits!
There are many reports that the vulnerability is being “exploited in the wild”. Not only is the exploit publicly available, but it has been incorporated into exploit kits such as Blackhole, Cool, and Nuclear Pack. Exploit kits make it easy for criminals to spread malicious software using exploits that take advantage of well-known and new vulnerabilities. New exploit kits are loaded with some of the most dangerous zero-day exploits (including this one) and other features, which allow criminals to increase their profits.
The impact to the public is huge! Java is used by millions of users around the world. It is used in Microsoft Windows, Apple’s Mac OS-X, and Linux systems, as well as many mobile devices.
What’s the difference between this Java vulnerability and the one from 2012?
Because a fix is not currently available, users are strongly advised to disable Java and the Java plug-in in web browsers. The following links include step-by-step instructions about how to disable Java in different web browsers:
If you are using Java 7 Update 10 or later, you can execute the Java installer with the WEB_JAVA=0 command-line option. Oracle’s Java documentation has more detailed information about this feature.
Cisco has released an Intrusion Prevention System (IPS) signature (signature ID 1804/0). Network and security administrators can use this signature in Cisco IPS appliances and services modules to provide threat detection and help prevent attempts to exploit this vulnerability.
These are only countermeasures and mitigations, users should be prepared to upgrade their Java installations when available from Oracle.
For the latest updates about this vulnerability and all other threat and vulnerability data, remember to visit Cisco SIO at cisco.com/security.
What is a RAT?Create A Profile:Wrap Up
What's worse than a RAT? Multiple!
What is a RAT?
RATs are also known as Remote Access Trojans. They allow attackers to place backdoors on infected system. This gives them a foothold into your environment to further...
Hi,I would like to ask for experts' opinion on how to address the following design scenario: We currently rely on Posture (Anyconnect based) for NAC via ISE for granting endpoint access to our network (per VPN as well as WLC based) based on a given s...
Hi guys,Running ACS v5.8 and created an admin account in the ReadOnlyAdmin role but when they try and login to web gui(https://<ip address>/acsadmin) they get Access Denied. If I make them a SuperUser they get on fine........any ideas for ReadOnlyAd...
Have a 5525-X used as a perimeter fw and we want to update the software to the appropriate stable release. We do not have FirePower. Read the ASA Upgrade Guide and have looked at the various interim releases and I don't know which to select.&nb...