XIAM007

Making Unique Observations in a Very Cluttered World

Tuesday 29 November 2011

Half of all attacks detected and blocked by Microsoft's security software over a 12-month period were Java exploits




Hackers continue to launch attacks exploiting vulnerabilities in Oracle's Java software in record numbers, Microsoft said Monday.


Citing research from a recent report, Tim Rains, a director in the company's Trustworthy Computing group, said that up to half of all attacks detected and blocked by Microsoft's security software over a 12-month period were Java exploits.


Altogether, Microsoft stopped more than 27 million Java exploits from mid-2010 through mid-2011.


Most of those exploits targeted long-ago-patched vulnerabilities, said Rains.


The most commonly-blocked Java attacks -- to the tune of over 2.5 million of them -- in the first half of 2011 exploited a bug disclosed in March 2010 and patched by Oracle the same month. Second on the popularity chart for the full 12-month stretch was an exploit of a bug patched in early December 2008, nearly three years ago.


Other bugs that made the actively-exploited list were quashed in November 2009 and March 2010.


Rains' comments followed a similar message from Microsoft in October 2010, when the company said an "unprecedented wave" of attacks was exploiting Java flaws.


Microsoft's findings were no surprise to outside security researchers.


"Most [Windows] machines are just not up-to-date with Java," said Wolfgang Kandek, chief technology officer at Qualys, a California developer of security risk and compliance management software and services.


Qualys regularly mines data from the customers' machines it protects to get a feel for updating practices. And for Java, those practices are pathetic.


"Java updates lag behind seriously," said Kandek, like Rains reiterating a 2010 take. "Eighty-four percent of the machines we see don't have the June 2011 Java update installed, 81% don't have the February 2011 update and 60% don't have the March 2010 update."


Read more -
http://www.computerworld.com/s/article/9222244/Hackers_launch_millions_of_Java_exploits_says_Microsoft?source=CTWNLE_nlt_pm_2011-11-29
