?
Solved

java exploit

Posted on 2014-08-28
15
Medium Priority
?
735 Views
Last Modified: 2014-10-02
Microsoft Security Essentials  caught java exploit as  part of the scan, I am really worried. should I remove java from my computer? do I need it ? is there a legitimate version  that I can download and how do I know what I have is a clean program . please help
Exploit-2.JPG
Java-Exploit.JPG
0
Comment
Question by:Basem Khawaja
  • 5
  • 4
  • 3
  • +3
15 Comments
 
LVL 28

Expert Comment

by:dpearson
ID: 40291469
Yeah just update to the latest version:
java.com/download

You probably have an old version which has a potential exploit.  These are generally mostly theoretical risks, but it's best to update to be sure.

Doug
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40291481
basemkhawaja64 --
The latest version of Java  is  Version 7 Update 67 .  You can see what version you now have from Control Panel|Programs and Features.
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 40291541
Also, I do not recall seeing standard Java programs by that name. I think you should let Security Essentials deal with the threat, uninstall Java, and then go to www.java.com to get version 67. Download the full X86 version for windows and install it.

Make sure Security Essentials has scanned your whole system.

I have MSE on a couple of virtual machines with Java V67 and no threats coming up.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 50

Accepted Solution

by:
jcimarron earned 2000 total points
ID: 40291635
basemkhawaja64 --
I should have added the following to my post above.
Since I expect you will be manually installing the latest version of Java, you should uninstall the old version.  Java offers an uninstaller tool.  This should avoid conflict between the old and new versions.
http://www.java.com/en/download/faq/uninstaller_toolinfo.xml

In the future you can set Java up to tell you when new versions are available.  Control Panel|Java|on the Java Console|Update tab, click Check for Updates Automatically.  Use the Notify me drop down menu to choose what you want Java to do with the Updates.  Click Apply|OK

To download the latest version of Java the download page is
http://java.com/en/download/manual.jsp
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 40292078
Also, I do not recall seeing standard Java programs by that name. I think you should let Security Essentials deal with the threat, uninstall Java

Those aren't programs, they describe the vulns that version of the JRE contains:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2460

Also, i'd personally uninstall Java before letting any AV app have its way with it or it can create a broken install. Actually that goes for any malware.

Description: This program is dangerous and exploits the computer on which it is run

What they mean is that it COULD exploit it. That however is no cause for complacency - the JRE is now the commonest attack vector against Windows boxes
0
 
LVL 3

Expert Comment

by:Mike Sun
ID: 40292491
It's worth checking if you really need Java to be installed. If not, it's best to simply remove it as a high proportion of malware comes through as exploits of Java vulnerabilities.

If Java is essential (a somewhat uncommon case these days), then make sure Java is kept up to date to minimise any security loopholes...
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 40292755
I see Java in use in several websites I use, so I keep it installed.

Also, I read that Java 7 is at end of service in October, so I have both of my own machines at Java 8 release 20 right now.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40292951
I believe Java 8 has several problems/bugs.  
If you run http://java.com/en/download/installed.jsp?detect=jre  you will see what version you have and if it is version 7 update 67 a Windows 7 user will be told that is the version Oracle recommends.
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 40292999
There have been 3 releases of Java 8 and it is running smoothly on both my Windows 8 machine and on my Windows 7 machine. There were bugs in Java 7 as well. I think both versions conflict with some EMET settings but I have sorted that out as well.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40293110
John Hurst--
I do not dispute what works on your machines.  I just point out that Oracle does not seem to recommend Java 8--at least not on my Win 7 64 bit Ultimate OS.
0
 

Author Comment

by:Basem Khawaja
ID: 40293300
jcimarron
once again you are a genius. one question though. I selected before downloading  ,the other option was before installing for the notify me .... what is the difference , I did verify now I have java 7 update 67 vs., the old one was 55. My friend one more thing I am still having a problem with my pictures they are not deleted till I click f5 refresh I click delete they still remain in the folder. you had helped me on this problem previously u suggested to use windows I did but still the same thing happens.  thank you
0
 

Author Closing Comment

by:Basem Khawaja
ID: 40293311
he is very smart
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40293377
basemkhawaja64--
You are welcome.  It is always a pleasure to try to help you.
On the Java Console Update tab, the two options for Notify Me once you have checked Check for Updates Automatically are "Before Downloading" and "Before Installing".  The first means Java will notify you before downloading .  The second means Java will download but not install until you agree.  The downloaded file will be in your Download Folder (unless you have changed that).

I am not sure I understand your second question.  Are you talking about the .jpg screenshots you posted here?   Sometimes when you delete a file, the icon will still appear in the location it was before you deleted.  But it should not function if you try to open it since the content will, in fact have been deleted.   A reboot, or as you have done a refresh, will delete the icon.
0
 

Author Comment

by:Basem Khawaja
ID: 40293541
No it is not about the ones that I posted here but in my other picture folders although in some folders I have seen when I delete it it goes away which is what I expected.thank you
0
 

Author Comment

by:Basem Khawaja
ID: 40358331
Ok thx
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn different types of Android Layout and some basics of an Android App.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question