Posted by: kenwbudd | October 18, 2010

Microsoft seeing record levels of Java Malware

According to data from Microsoft’s Malware Protection Center, there has been an “unprecedented wave” of exploits against vulnerabilities in Oracle Sun’s Java software in 2010.

Microsoft’s Holly Stewart notes that there has been a dramatic spike in Java attacks in the third quarter this year, mostly against these three vulnerabilities:

| CVE | Attacks | Computers | Description |
|---|---|---|---|
| CVE-2008-5353 | 3,560,669 | 1,196,480 | A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X. |
| CVE-2009-3867 | 2,638,311 | 1,119,191 | Another remote code execution, multi-platform issue caused by improper parsing of long file:// URL arguments. |
| CVE-2010-0094 | 213,502 | 173,123 | Another deserialization issue, very similar to CVE-2008-5353. |

“The first two, in particular, have gone from hundreds of thousands per quarter to millions,” Stewart said.
The startling data comes on the heels of last week’s massive Java patch that covered 29 critical security vulnerabilities.

According to Oracle, 28 of these vulnerabilities could be remotely exploitable without authentication (over a network without the need for a username and password). The patches are available for Windows, Linux and Solaris users.

According to Oracle’s advisory, 15 of the 29 vulnerabilities carry the maximum 10.0 CVSS severity rating.
