Reasons why we update – June Patch Tuesday and Java vulnerabilities
June 20, 2011
Patch Tuesday vulnerabilities already being exploited by hackers
Just three days after Microsoft released its latest batch of fixes and updates, hackers have begun to exploit one of the bugs on unpatched machines, Symantec reports. The exploit takes advantage of one of the Internet Explorer issues that was patched this month. This incident highlights the importance of updating a computer’s files as soon as a patch becomes available: the longer a security hole is left exposed, the more risk there is to the user.
Usually, when vulnerabilities are published in Microsoft’s Patch Tuesday reports, the expectation is that hackers will use that information and will usually be successful within 30 days. In this case, however, there has been some surprise that they have done it in significantly less time.
The vulnerability affects Microsoft’s Internet Explorer browser, version 8 and below, and was originally discovered back in January by a bounty hunter, according to InfoWorld. The IE bug, which security analysts ranked as the most important update on Patch Tuesday, is dangerous because it allows malicious files to be downloaded automatically. Symantec’s Joji Hamada stated, “we have only seen limited attacks taking advantage of this vulnerability and believe that the exploit is only being carried out in targeted attacks at present”.
Oracle releases Java 1.6 update 26
Microsoft recently released a new piece of software for detecting malware on your machine. Microsoft Safety Scanner is downloaded and run on your PC to detect and remove malware and rootkits. Eight out of ten of the top vulnerabilities had gotten into users’ machines through Java vulnerabilities. Now, Oracle has updated Java 1.6 to Update 26. If you have Java on your machine, update to this version to protect against the remote execution exploits it fixes.
17 vulnerabilities have been patched with nine of those given a 10 out of 10 in terms of security risk – Oracle’s own ranking. This update is available for Windows, Linux, and Solaris. Apple users will have to wait until Apple issues an update to address the flaws.