• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 864
  • Last Modified:

java exploit

Is anone familar with this oracle/java exploit:  http://securitywatch.pcmag.com/hacking/302019-security-warning-disable-java-now

If so, does anyone have any clever ideas as to thwart against it until a patch is released. I have a large internet explorer environment and need help with ideas as to a makeshift countermeasure to protect against it. Thoughts?
0
DEFclub
Asked:
DEFclub
1 Solution
 
Rich RumbleSecurity SamuraiCommented:
Least use Privilege is a good start, users should not be administrators of their machines. That step mitigates 90% of virus/malware effectiveness as well.http://blogs.msdn.com/b/aaron_margosis/archive/2006/06/02/614226.aspx
http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
Other than that, currently there is a Java update you should push out, and 24hrs later someone created a way around that update, so you have to rely on your AV on the client or at a proxy level to stop them. Next to that you either disable Java, uninstall Java, or only allow java to be used/called for certain trusted sites. All of which are difficult to do if you do not have the tools or resources at hand. Having the users as non-admins from jump may save you 90% of the time (like here) but there are other exploits where you need to rely on other mitigation like AV or system settings.
http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/
-rich
0
 
DEFclubAuthor Commented:
thxs
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now