The new Oracle Java arbitrary code execution vulnerability has not only hit many news wires and social media outlets, but many victims as well, and it has been incorporated into several exploit kits. This critical vulnerability, as documented in IntelliShield alert 27845, could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system with the privileges of the user. If the user has administrator privileges, the attacker could completely “own” the system. A fix is currently not available.
Update: Oracle released a software update (JDK7 update 11) that fixes this vulnerability. The update is available on their website. If you disabled Java in the Java Control Panel, you will need to manually re-enable it after installing the patch by using the check box in the Security tab of the Java Control Panel. Oracle’s security advisoryand JDK7 update 11 release notesincludes more information about the patch.
The exploit is now found in several exploit kits!
There are many reports that the vulnerability is being “exploited in the wild”. Not only is the exploit publicly available, but it has been incorporated into exploit kits such as Blackhole, Cool, and Nuclear Pack. Exploit kits make it easy for criminals to spread malicious software using exploits that take advantage of well-known and new vulnerabilities. New exploit kits are loaded with some of the most dangerous zero-day exploits (including this one) and other features, which allow criminals to increase their profits.
The impact to the public is huge! Java is used by millions of users around the world. It is used in Microsoft Windows, Apple’s Mac OS-X, and Linux systems, as well as many mobile devices.
What’s the difference between this Java vulnerability and the one from 2012?
Because a fix is not currently available, users are strongly advised to disable Java and the Java plug-in in web browsers. The following links include step-by-step instructions about how to disable Java in different web browsers:
If you are using Java 7 Update 10 or later, you can execute the Java installer with the WEB_JAVA=0 command-line option. Oracle’s Java documentation has more detailed information about this feature.
Cisco has released an Intrusion Prevention System (IPS) signature (signature ID 1804/0). Network and security administrators can use this signature in Cisco IPS appliances and services modules to provide threat detection and help prevent attempts to exploit this vulnerability.
These are only countermeasures and mitigations, users should be prepared to upgrade their Java installations when available from Oracle.
For the latest updates about this vulnerability and all other threat and vulnerability data, remember to visit Cisco SIO at cisco.com/security.
Hello I have problem with flaping trunel between Router and tow ASA firewall Here is my configuration with Router hostname Router!boot-start-markerboot-end-marker!vrf definition Mgmt-intf!address-family ipv4exit-address-fa...
Hi all, I have an FTD 6.3 on Firepower 4110. It is configured in routed mode with "the usual" configuration: outside, inside, DMZ, and serverfarm interfaces/zones with traffic allowed out but not in. I also have AnyConnect services for rem...
Hi, 1) Can ISE find mac address in this format? copy out from the switch sh mac address-tablea009.ed05.4678 2)Do i need to go into "each" identity groups and search whether this mac address belongs to the grp?OR is there a fastest way i can sear...