Quick Contact

News and Updates

Network Security Update:Java Zero-Day, Microsoft September Bulletin

The importance of remote monitoring and maintenance programs for businesses was highlighted, again, during the last week of August with the news of an active vulnerability in the Java Runtime Environment 1.7.  This vulnerability allowed the remote execution of code on a vulnerable system.

Somewhat unique to this incident was the fact there was not a patch made available immediately by Oracle, the producer of Java.  Mozilla recommended disabling the Java plug-in for users of their Firefox browser.  The United States Computer Emergency Readiness Team (US-CERT, part of the U.S. Department of Homeland Security) issued similar advice, and also recommended uninstalling Java in certain instances.

Since there was not an automatic patch available, unaware users remained vulnerable.  We immediately ran a remote diagnostic routine for all our maintenance and monitoring customers to determine if any were running the vulnerable version of the Java software and took any necessary actions on those machines.

You can read the complete US-CERT bulletin here: http://www.kb.cert.org/vuls/id/636312

Microsoft released their September Security Bulletin and noted elevation of privilege vulnerabilities in Visual Studio Team Foundation Server and System Center Configuration Manager.  Both of these notifications were categorized as Important.  Potential victims would be required to navigate to a website that was designed to exploit the vulnerability.

Leave a Reply

You must be logged in to post a comment

Sound Technology Services sign up form

Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur excepteur sint occaecat cupidatat non

Sound Technology Serviceslogin form