According to data from Microsoft's malware protection center, there has been an "unprecedented wave" of exploits against vulnerabilities in Oracle Sun's Java software in 2010.
Microsoft's Holly Stewart notes that there has been a dramatic spike in Java attacks in the third quarter of this year, mostly against these three vulnerabilities:
- A deserialization issue in vulnerable versions of the JRE (Java Runtime Environment) that allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X.
- Another remote code execution, multi-platform issue caused by improper parsing of long file:// URL arguments.
- Another deserialization issue, very similar to CVE-2008-5353.
"The first two, in particular, have gone from hundreds of thousands per quarter to millions," Stewart said.
According to Oracle, 28 of these vulnerabilities could be remotely exploitable without authentication (over a network without the need for a username and password). The patches are available for Windows, Linux and Solaris users.
According to Oracle’s advisory, 15 of the 29 vulnerabilities carry the maximum 10.0 CVSS severity rating.