Java Zero Day Flaw Puts Millions of Users at Risk

CommanderFrank

A recently discovered flaw in Java shows indications of rapid exploitation by hackers using the Blackhole exploit kit to install malware on systems. The flaw can be utilized on just about all operating systems and browsers. So far, Oracle has not issued an emergency patch or fix for the zero day vulnerability.

"After seeing the reliability of this attack, I have no doubt in my mind that within hours the casualties will be in the thousands."
 
As a system administrator, I hate Oracle, Java, Flash, Shockwave, AIR, Firefox, Internet Explorer, Office, and Windows (at least from a patching standpoint). :D
 
As a system administrator, I hate Oracle, Java, Flash, Shockwave, AIR, Firefox, Internet Explorer, Office, and Windows (at least from a patching standpoint). :D

Can you tell me what you don't hate? Would be a shorter list :D
 
This is Larry Ellison's problem now. When he bought out Sun, Java was included.
 
Oh just great...and pushing Java through SCCM always breaks a bunch of machines. :(

Though, on a positive note, Oracle hasn't released a patch yet so there's nothing to push/fix after the push for now! :) Yaay for Oracle! YAAAY!
 
As a system administrator, I hate Oracle, Java, Flash, Shockwave, AIR, Firefox, Internet Explorer, Office, and Windows (at least from a patching standpoint). :D

As a Desktop Support Tech, I agree with you. Shit's always broke.
 
So you patch Java to the latest version...BUT....that makes it not work for the one website that someone has to get on today so they can make payments, etc. The website refuses to update their code because "it has always worked".
 
So glad I use OpenJDK/OpenJRE. This is why proprietary software is dangerous; you are completely at the mercy of the vendor for these kinds of security holes.
 
As a system administrator, I hate Oracle, Java, Flash, Shockwave, AIR, Firefox, Internet Explorer, Office, and Windows (at least from a patching standpoint). :D

WSUS is your friend for MS updates, friend. I agree with you about Oracle and Java products. They're lousy and updating them is a chore since their automatic update function doesn't work. If we didn't have to have Java in use for some soft-phone software here at work I'd cut it out completely.
 
Good luck if you are using IE10 on Windows 8. You have both unpatched Flash and unpatched Java at this point.
 
So you patch Java to the latest version...BUT....that makes it not work for the one website that someone has to get on today so they can make payments, etc. The website refuses to update their code because "it has always worked".

Then just install the version it requires... You can have multiple versions of Java on a computer.
 
Then just install the version it requires... You can have multiple versions of Java on a computer.

Yeah, the runtime is built so that multiple versions can reside on a single machine. Though...yuck! It's bad enough to have one version of that massive pit of security problems on your computer, let alone two.

The entire idea of Java was stupid to begin with. Now we can cheap out on developers because they don't actually have to know anything about the hardware platform or anything about actual computer science. Instead of somewhat more costly, yet more knowledgeable programmers, we can have dime-a-dozen code monkeys who are all throw-away people and act like it at work. Three cheers for Java bytecode and VMs!
 
As a system administrator, I hate Oracle, Java, Flash, Shockwave, AIR, Firefox, Internet Explorer, Office, and Windows (at least from a patching standpoint). :D

Patching Windows in an Active Directory environment is super easy. More specifically if you deploy WSUS which last I checked was free. It's very easy to use and manage patches with it.
 
Patching Windows in an Active Directory environment is super easy. More specifically if you deploy WSUS which last I checked was free. It's very easy to use and manage patches with it.

WSUS can't push updates for Java. SCCM is necessary for such things and even it sometimes has trouble getting JRE properly installed. 6 update 24 was particularly horrible.
 
WSUS can't push updates for Java. SCCM is necessary for such things and even it sometimes has trouble getting JRE properly installed. 6 update 24 was particularly horrible.

Group Policy pushes out Adobe Reader, Flash, and Java just fine. That's how we do it. We are moving to SCCM next year though.
 
Group Policy pushes out Adobe Reader, Flash, and Java just fine. That's how we do it. We are moving to SCCM next year though.

I've heard of that being done, but haven't ever tried it myself since SCCM and, before that, SMS has always been part of our enterprise. Good to know though for the "on-the-side" people that are more cost sensitive.
 
WSUS can't push updates for Java. SCCM is necessary for such things and even it sometimes has trouble getting JRE properly installed. 6 update 24 was particularly horrible.

I was talking purely about Microsoft applications and the OSes. Hatred of Java is perfectly normal. I hate it too.
 
I was talking purely about Microsoft applications and the OSes.

I was being illiterate this morning. :) Where's some coffee?

Hatred of Java is perfectly normal. I hate it too.

Thanks to you, I now feel like I fit in and am completely normal. :D DeathPrincess will be so proud of me.
 
If I understood correctly this vulnerability only affects Java version 7.xx. Version 6.xx should be safe, so us who have not updated our Javas for a while should be OK, no?
 
I've already had to "fix" 2 employee PCs because some of our intranet stuff wasn't working right. They had read this news story and similar ones and disabled JAVASCRIPT. :( :(

Java != Javascript

We'll probably get customer calls about this later too.
 
Group Policy pushes out Adobe Reader, Flash, and Java just fine. That's how we do it. We are moving to SCCM next year though.

I was going to say, Microsoft is pushing SCCM and Intune to do 3rd party pushes. I'd go with SCCM regardless of seat size because I was quoted for ~$10 per seat per month for Intune....um, hell no :)
 
I've already had to "fix" 2 employee PCs because some of our intranet stuff wasn't working right. They had read this news story and similar ones and disabled JAVASCRIPT. :( :(

Java != Javascript

We'll probably get customer calls about this later too.

Wow better check the coffee machine in the break room too :p
 
I just deleted Java for now... I just got this laptop, dammit, I don't need any weirdness! :D
 
Java is an attacker's best friend. I never run Java on any of my systems, except for a single VM when I encounter a website that absolutely has to have it. People piss me off when they keep programming with that crappy language.
 