Java Vulnerabilities Greatest Exploit in H1-2011

According to Microsoft, cyber-criminals keep on taking advantage of security flaws within Java despite Oracle already issuing patches for some, only because end-users don't update their systems properly.

Reportedly, Microsoft had discovered exploits of around a half to a third associated with the Java Runtime Environment. Presently, similar instances tend to constantly rise from quarter to quarter.

Brian Krebs Director of Trustworthy Computing Group at Microsoft discovered how malware in one instance used a Java vulnerability already patched wherein that malicious program was packaged with one malware toolkit that criminals could buy from underground websites.

Meanwhile, security researchers from Microsoft stated within earlier Security Intelligence Reports how there had been a rise in online assaults using Java exploits, with such assaults exceeding those associated with Adobe during 2010. The recent Microsoft Security Intelligence Report vol. II noted that exploits of the most common kinds during H1-2011 attacked the JRE (Java Runtime Environment), Java SE within JDK (Java Development kit) and JVM (Java Virtual Machine) of Oracle.

And just like Director Tim Rains of the Trustworthy Computing Group of Microsoft explains within a post he made to the company's blog, malware peddlers will keep on unleashing attack-codes incase there were constant favorable results accruing to them owing to their efforts. H-online reported this on November 30, 2011.

Rains wrote that cyber-attackers were found to destructively aim at Java flaws that were omnipresent, observing that according to Oracle, more than 3bn computers ran Java. Eweek.com published this dated November 29, 2011.

Furthermore, Krebs wrote that it'd merely require users to visit one booby-trapped website within Internet Explorer/Firefox of Microsoft/Mozilla respectively, which was having older Java software to result in malware getting installed from the website.

Essentially, among the 4 Java exploits ordinarily identified, while 1 got attention within certain December 2008 security update, a different one was addressed within a November 2009 update. The remaining 2 got attention in the March 2010 update. And given that cyber-attackers are yet targeting the exploits even after the security updates have been published, it only shows that numerous users aren't making their systems up-to-date with the necessary frequency.

Related article: Job Hunters Conned By Mystery Shopping Scammers

» SPAMfighter News - 12/7/2011