There is a zero-day vulnerability (an identified flaw with no patch available) in Java that is being actively exploited across the Internet. This zero-day has already been incorporated into the Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. Proof-of-concept code is already publicly available, and we expect to see fully functioning exploit code incorporated into even more exploit frameworks within the next few days.
What does this mean to you?
- This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10
- Even if you’re only running Java 6, users will be forced to automatically upgrade to version 7 in February of this year. This means further exposure to this vulnerability.
What you can do now to avoid being exploited
- Disable Java entirely
- If you don’t need Java, remove it from the system entirely
- Lower and manage desktop privileges with solutions like PowerBroker for Windows
- Scan and detect this vulnerability with Retina Network
More info and details can be found here:
So far, the ONLY fix available and recommended is to disable Java on your systems if you do not need to run it for any reason. I am sure some sort of tools to make this happen quickly will be available shortly, such as this quick, simple batch script that you can run on your network (Windows XP/Windows 7) to remove Java from your machines:
```bat
@ECHO OFF
cls
TITLE Uninstalling Java 6. . .
REM Silently uninstall every installed product whose name starts with "Java(TM) 6".
REM %% is a literal % inside a batch file; % is the wildcard for LIKE.
REM The name pattern below matches Java 6 only; change it to match other installed versions.
wmic product where "name like 'Java(TM) 6%%'" call uninstall /nointeractive
goto END
:END
pause
exit
```
Tested on my Windows XP SP3 and Windows 7 machines.
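Before removing or disabling Java across a network, it helps to know which machines carry the versions named above (Java 7 up to and including 7u10). The following is an added example, not part of the original post: it classifies version strings collected from hosts, and the hostnames, sample strings and status labels are constructed for illustration.

```python
import re

# Range taken from the post: Java 7 up to and including 7u10 is affected.
AFFECTED_MAJOR = 7
LAST_AFFECTED_UPDATE = 10

# `java -version` style, e.g. java version "1.7.0_10" (no _NN suffix means update 0)
_RUNTIME_RE = re.compile(r'"1\.(\d+)\.\d+(?:_(\d+))?')
# Windows installed-program name, e.g. "Java 7 Update 10" or "Java(TM) 6 Update 37"
_PRODUCT_RE = re.compile(r'^Java(?:\(TM\))? (\d+)(?: Update (\d+))?', re.I)

def parse_java_version(text):
    """Return (major, update), or None if text does not name a Java runtime."""
    for rx in (_RUNTIME_RE, _PRODUCT_RE):
        m = rx.search(text.strip())
        if m:
            return int(m.group(1)), int(m.group(2) or 0)
    return None

def classify(text):
    """Map one collected version string to a status label (labels are hypothetical)."""
    version = parse_java_version(text)
    if version is None:
        return "unparsed"          # needs a manual look
    major, update = version
    if major == AFFECTED_MAJOR and update <= LAST_AFFECTED_UPDATE:
        return "affected"          # disable or remove Java on this host
    if major == 6:
        return "upgrade-path"      # post: Java 6 users will be auto-upgraded to 7
    return "not-listed"            # outside the range the post describes

def triage(inventory):
    """Group hosts by status. inventory is an iterable of (host, version_text)."""
    report = {}
    for host, text in inventory:
        report.setdefault(classify(text), []).append(host)
    return report

# Constructed sample inventory (not real hosts or real scan output).
SAMPLE = [
    ("ws-01", 'java version "1.7.0_10"'),
    ("ws-02", "Java(TM) 6 Update 37"),
    ("ws-03", "Java 7 Update 9"),
    ("ws-04", 'java version "1.7.0"'),
    ("ws-05", "Java Auto Updater"),
    ("ws-06", 'java version "1.5.0_22"'),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:13} {', '.join(hosts)}")
```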
Another way to protect yourself – if you cannot uninstall Java for whatever reason (my scenario) you can at least disable the browser plugin. Disabling the “Java Plug-In” is much simpler.
Here are the steps:
- Open the Java control panel
- Click on the “Security” tab
- Uncheck the option labeled “Enable Java content in the browser”
Or you can do it this way:
Mozilla Firefox: From the main menu select Add-ons, and then disable any plugins with the word “Java” in them. Restart the browser.
Google Chrome: Click the wrench icon in the upper right corner of the browser window, then select Settings. In the search results box to the right in the next screen, type “Java”. A box labeled “Content settings” should be highlighted. Click that, and then scroll down to the Plug-ins section. Click the “Disable individual plug-ins” link, find Java in the list, and click the disable link next to it.
This will prevent any applets or web start apps from running, with the exception of web start apps that have been installed locally.
More can be found here: http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/
Update, more info:
- News – KrebsOnSecurity
- Analysis – AlienVault Labs
- Analysis – Kafeine, Malware Don’t Need Coffee
- Malware Code – DangerLab via Pastebin