37 percent of users browsing the Web with insecure Java versions

Summary: Researchers from CSIS monitored 50 different exploit kits and found that 31.3% of users were infected with viruses/malware due to missing security updates.

Over a period of three months, researchers from CSIS monitored 50 different exploit kits on 44 unique servers and found that 31.3% of users were infected with viruses/malware due to missing security updates.

In particular, users were running outdated versions of specific applications and browser plugins. Java JRE accounted for 37 percent of the most vulnerable applications, followed by Adobe Reader/Acrobat with 32 percent and Adobe Flash with 16 percent.

Common vulnerabilities exploited by cybercriminals in their web malware exploitation kits include:

• CVE-2010-1885 Microsoft Help & Support HCP
• CVE-2010-1423 Java Deployment Toolkit insufficient argument validation
• CVE-2010-0886 Java Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE
• CVE-2010-0842 Java JRE MixerSequencer Invalid Array Index Remote Code Execution Vulnerability
• CVE-2010-0840 Java trusted Methods Chaining Remote Code Execution Vulnerability
• CVE-2009-1671 Java buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll
• CVE-2009-0927 Adobe Reader Collab GetIcon
• CVE-2008-2992 Adobe Reader util.printf
• CVE-2008-0655 Adobe Reader CollectEmailInfo
• CVE-2006-0003 IE MDAC
• CVE-2006-4704 Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
• CVE-2004-0549 ShowModalDialog method and modifying the location to execute code

Verify your Java version here, and ensure that all of your plugins and software applications are up to date in order to mitigate the risks posed by web malware exploitation kits.

Talkback

10 comments
  • RE: 37 percent of users browsing the Web with insecure Java versions

    Now that is funny, I didn't realize there was a secure version of Java or flash for that matter!
    slickjim
    • RE: 37 percent of users browsing the Web with insecure Java versions

      @Peter Perry There isn't, but with hourly updates on both there very well might be soon.
      Net-Tech_z
  • The underpinnings are the key to vulnerabilities

    Tireless debates about "which is the most secure OS" are rendered meaningless when it is the smallest component that is subject to the greatest vulnerabilities. Sandboxing and kernel isolation are only workarounds to the fundamental problems of complex systems.
    Your Non Advocate
  • hmmm ...

    ... why am I not surprised that, combined, 85% of the vulnerabilities are made up of Java vulnerabilities and Adobe application / product vulnerabilities?

    This data *has to* fall under the category "I.T's Worst kept Security Vulnerability Secrets".
    thx-1138_
  • No wonder, Java doesn't even update itself

    The supposed Java update which pops up monthly has never worked for me. The update always fails. Reason? The updater only works if you are running as an Administrator, and of course I run as a Local User by default. So the updater fails. At some point, you give up on the shenanigans and just want to make the popup go away. So Java stays outdated until you go well out of your way to update it.
    ZStoner
    • Blame it on the IT administrator!

      @ZStoner - Exactly my point too. Our IT admins ensure that all the M$ security updates are installed on our machines but they turn a blind eye to almost everything else. The auditors don't bother about non-M$ security updates.
      dexter_greycells
  • It would be a nice fix

    If java installer uninstalled old versions of java before installing the new one.
    Windows seems to like using the old version even after the new version is installed.
    zmud
  • RE: 37 percent of users browsing the Web with insecure Java versions

    Java JRE is a cancer, period. Nothing good comes from having it installed.
    The one and only, Cylon Centurion
  • RE: 37 percent of users browsing the Web with insecure Java versions

    Re: Verify your Java version: Get an error trying to run installed.js: "debug" not defined.
    LotisDigital