More Microsoft woes:
>>>
Microsoft Java bug threatens IE Users
By David Raikow, Sm@rt Reseller February 2, 2000 10:47 AM ET As it continues its battle with Sun
Microsystems Inc. over the future of Java, Microsoft Corp. is finding itself
facing an entirely different type of obstacle: a newly uncovered security glitch
in its Java Virtual Machine.
According to a report by
Dr. Hiromitsu Takagi of the Japanese Ministry of International Trade and
Industry, the bug may allow an attacker to steal files from Web surfers who are
using versions 4, 5 and 5.01 of Microsoft's Internet Explorer browser that
include Microsoft's JVM. (Microsoft makes the JVM an optional, user-selectable
component of IE.)
As described in Takagi's report, the hole can be exploited by inserting a
single line of code into a Java applet and embedding that applet in a Web page.
An IE browser accessing the page will download and execute the applet
automatically, which will then read specific files on the user's machine. The
applet may then transmit the files back to a Web server or forward them as an
e-mail attachment.
Takagi says he believes the problem is "very serious. ... Attacking applets
can be implemented too much easily."
He recommends that IE users disable Java until Microsoft releases a patch;
alternatively, he suggests users download Sun's Java plug-in or
switch to Netscape Navigator.
A Microsoft official said this Java VM hole "was reported into
[EMAIL PROTECTED] a little while ago. Currently, Microsoft is looking into
this issue."
This isn't the first JVM problem Microsoft has had. The company last year
issued patches for more than one Java VM
bug. |