After my last post, an ISS user by the name of Fred Lee was kind enough to let me in on a little work-around that seems to be operating well for him:

+ Un-install all versions of the JRE
+ Install JRE 1.4.1_06
+ Then go into regedit, and change the following key names:

Change: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.4.1_06
To: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.4.1

Change: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Plug-in\1.4.1_06
To: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Plug-in\1.4.1

After that everything should work OK... This isn't officially supported yet, but we'll take a look at supporting this work-around and post it to the knowledge base...

Matthew

=======================================================
Matthew Ward
Product Manager - Security Management
Phone 404 236 3995
email: [EMAIL PROTECTED]
Unofficial but sometimes helpful tips at http://SiteProtector.blogspot.com
Internet Security Systems, Inc.
=======================================================

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Ward, Matthew (ISSAtlanta)
Sent: Monday, November 24, 2003 5:08 PM
To: Mark Teicher; Andrew Plato; [EMAIL PROTECTED]
Subject: RE: [ISSForum] Java Security Problems

The flaws in the JRE that I know about are really not that high of a risk. If you know something that I don't, please let me know. Here's what I know, and you can tell me if that corresponds with what you know:

The remotely exploitable flaws in the JRE require two things in order to be exploited:

1) You must be browsing malicious websites or installing malicious Java apps
2) You must allow Java applets to run from your browser without warning you

If you are fairly good about not browsing websites of questionable character and are picky about the apps you install, then you should be pretty safe. In addition to that, if you change your browser security settings to not run Java applets without your approval (you really should be doing this anyway), then you should be pretty darn safe.

If you know something that I don't know about the vulnerabilities that exist in the JRE, then please let me know.

Here are the vulns that I know of that are covered by the above information:

CVE              X-Force
CVE-2002-0076    8480: java-vm-verifier-variant
                 11182: sun-java-improper-validation
CAN-2002-1257    10713: java-bytecode-verifier-bypass

Matthew

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Mark Teicher
Sent: Sunday, November 23, 2003 10:37 PM
To: Andrew Plato; [EMAIL PROTECTED]
Subject: Re: [ISSForum] Java Security Problems

Andrew,

ISS is not the only vendor that is affected by the latest JRE security vulnerability. Other companies that compete with ISS have far more serious security issues with their use of JRE.

/m

At 07:12 PM 11/20/2003, Andrew Plato wrote:
>Is anybody aware of the Java security problems in JRE 1.4.1_xx? Is ISS
>planning to release a patch to make the console compatible with the JRE
>1.4.2?
>
>I have some customers who are NOT happy that there is NOTHING from ISS
>on the fact that the JRE 1.4.1 has a serious security problem and so
>far, no word from ISS on whether the console will be updated to support
>1.4.2 (which repairs the security vulnerability.)
>
>___________________________________
>Andrew Plato, CISSP
>President/Principal Consultant
>Anitian Enterprise Security
>
>503-644-5656 Office
>503-644-8574 Fax
>503-201-0821 Mobile
>www.anitian.com
>___________________________________
>
>_______________________________________________
>ISSForum mailing list
>[EMAIL PROTECTED]
>
>TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
>https://atla-mm1.iss.net/mailman/listinfo
