Link to home
Start Free TrialLog in
Avatar of Basem Khawaja
Basem KhawajaFlag for United States of America

asked on

java exploit

Microsoft Security Essentials  caught java exploit as  part of the scan, I am really worried. should I remove java from my computer? do I need it ? is there a legitimate version  that I can download and how do I know what I have is a clean program . please help
Exploit-2.JPG
Java-Exploit.JPG
Avatar of dpearson
dpearson

Yeah just update to the latest version:
java.com/download

You probably have an old version which has a potential exploit.  These are generally mostly theoretical risks, but it's best to update to be sure.

Doug
basemkhawaja64 --
The latest version of Java  is  Version 7 Update 67 .  You can see what version you now have from Control Panel|Programs and Features.
Also, I do not recall seeing standard Java programs by that name. I think you should let Security Essentials deal with the threat, uninstall Java, and then go to www.java.com to get version 67. Download the full X86 version for windows and install it.

Make sure Security Essentials has scanned your whole system.

I have MSE on a couple of virtual machines with Java V67 and no threats coming up.
ASKER CERTIFIED SOLUTION
Avatar of jcimarron
jcimarron
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Also, I do not recall seeing standard Java programs by that name. I think you should let Security Essentials deal with the threat, uninstall Java

Those aren't programs, they describe the vulns that version of the JRE contains:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2460

Also, i'd personally uninstall Java before letting any AV app have its way with it or it can create a broken install. Actually that goes for any malware.

Description: This program is dangerous and exploits the computer on which it is run

What they mean is that it COULD exploit it. That however is no cause for complacency - the JRE is now the commonest attack vector against Windows boxes
It's worth checking if you really need Java to be installed. If not, it's best to simply remove it as a high proportion of malware comes through as exploits of Java vulnerabilities.

If Java is essential (a somewhat uncommon case these days), then make sure Java is kept up to date to minimise any security loopholes...
I see Java in use in several websites I use, so I keep it installed.

Also, I read that Java 7 is at end of service in October, so I have both of my own machines at Java 8 release 20 right now.
I believe Java 8 has several problems/bugs.  
If you run http://java.com/en/download/installed.jsp?detect=jre  you will see what version you have and if it is version 7 update 67 a Windows 7 user will be told that is the version Oracle recommends.
There have been 3 releases of Java 8 and it is running smoothly on both my Windows 8 machine and on my Windows 7 machine. There were bugs in Java 7 as well. I think both versions conflict with some EMET settings but I have sorted that out as well.
John Hurst--
I do not dispute what works on your machines.  I just point out that Oracle does not seem to recommend Java 8--at least not on my Win 7 64 bit Ultimate OS.
Avatar of Basem Khawaja

ASKER

jcimarron
once again you are a genius. one question though. I selected before downloading  ,the other option was before installing for the notify me .... what is the difference , I did verify now I have java 7 update 67 vs., the old one was 55. My friend one more thing I am still having a problem with my pictures they are not deleted till I click f5 refresh I click delete they still remain in the folder. you had helped me on this problem previously u suggested to use windows I did but still the same thing happens.  thank you
he is very smart
basemkhawaja64--
You are welcome.  It is always a pleasure to try to help you.
On the Java Console Update tab, the two options for Notify Me once you have checked Check for Updates Automatically are "Before Downloading" and "Before Installing".  The first means Java will notify you before downloading .  The second means Java will download but not install until you agree.  The downloaded file will be in your Download Folder (unless you have changed that).

I am not sure I understand your second question.  Are you talking about the .jpg screenshots you posted here?   Sometimes when you delete a file, the icon will still appear in the location it was before you deleted.  But it should not function if you try to open it since the content will, in fact have been deleted.   A reboot, or as you have done a refresh, will delete the icon.
No it is not about the ones that I posted here but in my other picture folders although in some folders I have seen when I delete it it goes away which is what I expected.thank you
Ok thx