Microsoft has warned the public about the emergence of a "wave of unprecedented" attack exploits vulnerabilities in the Java programming code.
Holly Stewart, an analyst at Microsoft, said he discovered the phenomenon while collecting data for ninth volume of the intelligence report about Microsoft security.
Stewart explained in the Microsoft blog in recent months the number of exploits for Java has grown from a few hundred thousand to over 6 million. This figure is also much higher than the nearly 100,000 Adobe exploits were detected at the same time.
Most attacks exploit three vulnerabilities conocidas de Java que llevan meses parchadas.
La vulnerabilidad más explotada es la denominada CVE-2008-5353 por el “diccionario” de vulnerabilidades CVE (Common Vulnerabilities and Exposures), que es el blanco de más de la mitad de los ataques. Esta vulnerabilidad es una falla de deserialización en Java Runtime Environment que permite la ejecución remota de código en navegadores con Java de varias plataformas, como Windows, Linux, y Mac OS X.
En segundo lugar se encuentra CVE-2009-3867, que permite que los atacantes introduzcan código maliciosos usando URLs demasiado largos. La tercera vulnerabilidad, conocida como CVE-2010-0094, es la menos atacada y tiene características similares a CVE-2008-5353.
"Java is everywhere and, as often happened with browsers and document readers such as Adobe Acrobat, users can not think of upgrading. Java runs in the background to highlight the work of other components (...). Now we must decide what to do with this pervasive technology that attackers have begun to explode. "
Sources:
'Unprecedented wave' of Java exploits hits users, says Microsoft Computerworld
Microsoft Warns of "Unprecedented" Exploitation SC Magazine
Java Java exploits
Have skyrocketed, Microsoft researcher says NetworkWorld
Holly Stewart, an analyst at Microsoft, said he discovered the phenomenon while collecting data for ninth volume of the intelligence report about Microsoft security.
Stewart explained in the Microsoft blog in recent months the number of exploits for Java has grown from a few hundred thousand to over 6 million. This figure is also much higher than the nearly 100,000 Adobe exploits were detected at the same time.
Most attacks exploit three vulnerabilities conocidas de Java que llevan meses parchadas.
La vulnerabilidad más explotada es la denominada CVE-2008-5353 por el “diccionario” de vulnerabilidades CVE (Common Vulnerabilities and Exposures), que es el blanco de más de la mitad de los ataques. Esta vulnerabilidad es una falla de deserialización en Java Runtime Environment que permite la ejecución remota de código en navegadores con Java de varias plataformas, como Windows, Linux, y Mac OS X.
En segundo lugar se encuentra CVE-2009-3867, que permite que los atacantes introduzcan código maliciosos usando URLs demasiado largos. La tercera vulnerabilidad, conocida como CVE-2010-0094, es la menos atacada y tiene características similares a CVE-2008-5353.
"Java is everywhere and, as often happened with browsers and document readers such as Adobe Acrobat, users can not think of upgrading. Java runs in the background to highlight the work of other components (...). Now we must decide what to do with this pervasive technology that attackers have begun to explode. "
Sources:
'Unprecedented wave' of Java exploits hits users, says Microsoft Computerworld
Microsoft Warns of "Unprecedented" Exploitation SC Magazine
Java Java exploits
Have skyrocketed, Microsoft researcher says NetworkWorld
0 comments:
Post a Comment