Microsoft reports 'unprecedented wave' of Java malware exploits

According to data from Microsoft's malware protection center, there has been an "unprecedented wave" of exploits against vulnerabilities in Oracle Sun's Java software in 2010.

Microsoft's Holly Stewart notes that there has been a dramatic spike in Java attacks in the third quarter this year, mostly against these three vulnerabilities:

| CVE | Attacks | Computers | Description |
| --- | --- | --- | --- |
| CVE-2008-5353 | 3,560,669 | 1,196,480 | A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X. |
| CVE-2009-3867 | 2,638,311 | 1,119,191 | Another remote code execution, multi-platform issue caused by improper parsing of long file:// URL arguments. |
| CVE-2010-0094 | 213,502 | 173,123 | Another deserialization issue, very similar to CVE-2008-5353. |

"The first two, in particular, have gone from hundreds of thousands per quarter to millions," Stewart said.

The startling data comes on the heels of last week's massive Java patch that covered 29 critical security vulnerabilities.

According to Oracle, 28 of these vulnerabilities could be remotely exploitable without authentication (over a network without the need for a username and password). The patches are available for Windows, Linux and Solaris users.

According to Oracle’s advisory, 15 of the 29 vulnerabilities carry the maximum 10.0 CVSS severity rating.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
