I would expect that someone is going to dig up another method to attack the existing flaw. The patch just addressed the known vectors.
Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]

From: Andrew S. Baker [mailto:[email protected]]
Sent: Thursday, August 30, 2012 5:17 PM
To: NT System Admin Issues
Subject: Re: 0 Day in Java 1.7 up to Version 6

Yes, it is patched against the specific exploit vectors that have currently been discussed. It is unclear whether or not other as-yet-too-difficult-to-pursue avenues have been also addressed by this patch.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market...

On Thu, Aug 30, 2012 at 2:15 PM, S Powell <[email protected]> wrote:

according to cert: http://www.kb.cert.org/vuls/id/636312

"This issue is addressed in Java 7 Update 7. Also consider the following workarounds:"

so I guess the real question is, is it really patched?

-----------------
"Choose the highest bidder" was my answer when they told me I was up for sale.

On Thu, Aug 30, 2012 at 11:03 AM, David Lum <[email protected]> wrote:

> "After an exploit for them has been added to the Blackhole exploit kit, the number of sites functioning as entrance points for malware has risen exponentially. According to Patrik Runald, director of security research at Websense, the company has already spotted over 100 unique domains serving the Java exploit.
>
> "The number is definitely growing...and because Blackhole has an updatable framework and already has a foothold on thousands of sites, we anticipate that the number of sites compromised with this new zero-day will escalate rapidly in the coming days," he told Gregg Keizer."
>
> - and -
>
> "According to researchers from Security Explorations, who found the two flaws and reported them to Oracle back in April, the monthly status report they received from Oracle less than a week ago shows that both flaws have been addressed."
>
> Full article: http://www.net-security.org/secworld.php?id=13507
>
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
