Jeremy Scott | August 27, 2012
Earlier today, security vendor FireEye released information about a new Java 0-day vulnerability that was caught in the wild. It appears that the vulnerability can be exploited on a fully patched Java Runtime Environment (JRE) 1.7 Update 6, which is the current release. It is not clear whether it is related, but there is also mention of exploit code recently added to a couple of exploit frameworks used for penetration testing that may be using the same 0-day vulnerability.
What we know is that the exploit has been discovered in the wild and is currently being used against would-be victims. The exploit code comes in the form of a malicious JAR file: HTML code on a malicious web page loads a Java applet, which passes parameters to the JAR in order to build a URL from which the payload is downloaded. The exploit observed in the wild is currently downloading an executable payload that appears to be a variant of Poison Ivy, a remote access tool (RAT) that allows a remote "operator" to control a system.
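The delivery pattern described above (a page loading an applet from a JAR and handing it parameters that the applet assembles into a download URL) is something a web proxy or mail gateway can look for. The following is an added example, not code from the original post or from FireEye or Solutionary: it parses HTML, collects applet/object elements that reference a JAR, and flags those whose `<param>` values look like URL components (hosts, IP addresses, paths). The two sample pages and the `downloads.example.invalid` host are constructed for illustration; the regular expression is a heuristic and will need tuning on real traffic.

```python
"""
Added example (not from the original post): a content-inspection check for
HTML that loads a Java applet from a JAR and passes it URL-like parameters.
"""
import re
from html.parser import HTMLParser

# Elements that can load an applet and the attributes that can name the JAR.
APPLET_TAGS = {"applet", "object"}

# Heuristic for parameter values that look like URL components an applet
# could use to build a payload download location: a full URL, an IPv4
# address, a dotted host name, or an absolute path.
URL_LIKE = re.compile(
    r"(https?://|^\d{1,3}(\.\d{1,3}){3}$|^[\w-]+(\.[\w-]+)*\.[a-z]{2,}(/|$)|^/[\w./-]+$)",
    re.IGNORECASE,
)


class AppletCollector(HTMLParser):
    """Collect every applet/object element together with its <param> children."""

    def __init__(self):
        super().__init__()
        self.applets = []      # list of {"tag", "attrs", "params"}
        self._current = None   # applet currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag in APPLET_TAGS:
            self._current = {"tag": tag, "attrs": attrs, "params": {}}
            self.applets.append(self._current)
        elif tag == "param" and self._current is not None:
            self._current["params"][attrs.get("name", "")] = attrs.get("value", "")

    def handle_endtag(self, tag):
        if tag in APPLET_TAGS:
            self._current = None


def loads_jar(applet):
    """True if any element attribute or param references a .jar archive."""
    values = list(applet["attrs"].values()) + list(applet["params"].values())
    return any(v.lower().split("?")[0].endswith(".jar") for v in values)


def url_like_params(applet):
    """Names of params whose values look like URL components (archive names excluded)."""
    hits = []
    for name, value in applet["params"].items():
        value = value.strip()
        if value.lower().endswith((".jar", ".class")):
            continue
        if URL_LIKE.search(value):
            hits.append(name)
    return hits


def inspect_html(html):
    """Return one finding per applet that loads a JAR and receives URL-like params."""
    collector = AppletCollector()
    collector.feed(html)
    findings = []
    for applet in collector.applets:
        if not loads_jar(applet):
            continue
        suspicious = url_like_params(applet)
        if suspicious:
            findings.append({"tag": applet["tag"], "params": suspicious})
    return findings


# Constructed sample pages for illustration (not real exploit content).
BENIGN_HTML = """
<html><body>
<applet code="Clock.class" archive="clock.jar" width="100" height="100">
  <param name="timezone" value="UTC">
  <param name="format" value="24h">
</applet>
</body></html>
"""

SUSPICIOUS_HTML = """
<html><body>
<applet code="Loader.class" archive="loader.jar" width="1" height="1">
  <param name="host" value="downloads.example.invalid">
  <param name="path" value="/files/update.exe">
</applet>
</body></html>
"""

if __name__ == "__main__":
    print("benign:", inspect_html(BENIGN_HTML))          # []
    print("suspicious:", inspect_html(SUSPICIOUS_HTML))  # one finding, params host and path
```

A 1x1 pixel applet, as in the constructed suspicious page, is another attribute worth weighting in a real rule, but the check above deliberately keys only on the behaviour the post describes: a JAR plus parameters that look like pieces of a URL.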
So what is the significance of this? The standard Oracle patch cycle is every 4 months, and the next Oracle patch day is scheduled for October 16, almost two months away. Since Oracle almost never issues a patch out of cycle, attackers have a significant window in which to leverage the vulnerability before a patch is released.
Where does this leave us? Until the vulnerability is addressed and a patch is released, you should consider disabling Java plug-ins / add-ons in your web browsers (here’s a link that explains how to do that in IE). This mitigation will significantly affect browser functionality for web applications and Internet browsing that require Java.
You should also notify employees of the new threat to raise awareness, and be on alert for phishing emails attempting to leverage the vulnerability.
See how Solutionary managed security services based on the patented ActiveGuard® service platform combine security intelligence and expertise to provide visibility, threat detection and event response.