Microsoft reports 'unprecedented wave' of Java malware exploits

According to data from Microsoft's malware protection center, there has been an "unprecedented wave" of exploits against vulnerabilities in Oracle Sun's Java software in 2010.

Microsoft's Holly Stewart notes that there has been a dramatic spike in Java attacks in the third quarter this year, mostly against these three vulnerabilities:

| CVE | Attacks | Computers | Description |
| --- | --- | --- | --- |
| CVE-2008-5353 | 3,560,669 | 1,196,480 | A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X. |
| CVE-2009-3867 | 2,638,311 | 1,119,191 | Another remote code execution, multi-platform issue caused by improper parsing of long file:// URL arguments. |
| CVE-2010-0094 | 213,502 | 173,123 | Another deserialization issue, very similar to CVE-2008-5353. |

"The first two, in particular, have gone from hundreds of thousands per quarter to millions," Stewart said.

The startling data comes on the heels of last week's massive Java patch that covered 29 critical security vulnerabilities.

According to Oracle, 28 of these vulnerabilities could be remotely exploitable without authentication (over a network without the need for a username and password). The patches are available for Windows, Linux and Solaris users.

According to Oracle's advisory, 15 of the 29 vulnerabilities carry the maximum 10.0 CVSS severity rating.
