I would make a recommendation.
If you have an IPS, then utilize it to do a lot of egress filtering for known networks that are hosting these exploits and just flat block the Class C networks. I know its cut down a lot on what I am seeing on my IPS. A lot of times web filter and AV are going to miss it, or one might catch it if its too late. But definitely of the exploits and the methods I have looked at, they are targeting Java Heavily... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] From: N Parr [mailto:[email protected]] Sent: Monday, August 27, 2012 3:59 PM To: NT System Admin Issues Subject: RE: 0 Day in Java 1.7 up to Version 6 I've been trying to keep everything latest and greatest because I've had at least 3 cases in the past few months where GFI has had to disinfect clients with fake AV type infections on them. They said the infiltration point was through JRE6 which was at the latest update available at the time. So you're SOL either way if your web filter and antivirus both miss it. Only thing you can do is take it off which doesn't fly around here. ________________________________ From: Carl Houseman [mailto:[email protected]] Sent: Monday, August 27, 2012 2:30 PM To: NT System Admin Issues Subject: RE: 0 Day in Java 1.7 up to Version 6 Hmm, out of concern for compatibility, I've kept GPO-installed client systems at JRE 6 (update 33 is the latest needed for security patches). Looks like that was a good call and I don't have to worry about this particular problem, at least not yet. But it will be interesting to see if Oracle's Java group recognize the seriousness of this and issue an interim update before the scheduled quarterly update. Carl From: Ziots, Edward [mailto:[email protected]] Sent: Monday, August 27, 2012 2:44 PM To: NT System Admin Issues Subject: 0 Day in Java 1.7 up to Version 6 Importance: High Heads up on the Java Front... 0 day Attackers Pounce on Zero-Day Java Exploit - Krebs on Security: http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exp loit/ Cross Post from the Internal Security Discussion list at Microsoft. (Thanks to Ms Bradley the SBS queen J) Already emailed the handlers at SANS to hopefully update the ISC page to spread the word... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
