RE: Java 7 patch 13 out...
-making-embedded-java-push-203168 [5] HTML 4 Specification, Including an applet: the APPLET element http://www.w3.org/TR/html401/struct/objects.html#h-13.4 [6] February 2013 Critical Patch Update for Java SE Released https://blogs.oracle.com/security/entry/february_2013_critical_patch_update Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, February 04, 2013 7:03 PM To: NT System Admin Issues Subject: Re: Java 7 patch 13 out... On Mon, Feb 4, 2013 at 6:42 PM, Matthew W. Ross mr...@ephrataschools.org wrote: There's a lot of chatter on the Mozilla Enterprise mailing list about this stuff right now. Ooh, another list to check out... https://mail.mozilla.org/listinfo/enterprise :-) Thanks Ben. You're welcome. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Java 7 patch 13 out...
/topics/security/javacpufeb2013-1841061.html [2] Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-306/ [3] Oracle Java SE Embedded http://www.oracle.com/us/technologies/java/embedded/standard-edition/overview/index.html [4] Oracle making embedded Java push http://www.infoworld.com/d/application-development/oracle-making-embedded-java-push-203168 [5] HTML 4 Specification, Including an applet: the APPLET element http://www.w3.org/TR/html401/struct/objects.html#h-13.4 [6] February 2013 Critical Patch Update for Java SE Released https://blogs.oracle.com/security/entry/february_2013_critical_patch_update Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, February 04, 2013 7:03 PM To: NT System Admin Issues Subject: Re: Java 7 patch 13 out... On Mon, Feb 4, 2013 at 6:42 PM, Matthew W. Ross mr...@ephrataschools.org wrote: There's a lot of chatter on the Mozilla Enterprise mailing list about this stuff right now. Ooh, another list to check out... https://mail.mozilla.org/listinfo/enterprise :-) Thanks Ben. You're welcome. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Java 7 patch 13 out...
Snap no feebees for me, I am sure the Security explorations are going to be dogging Oracle about the java issues until they get with the program and get stuff fixed, so expected more upgrades to Java coming. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Tuesday, February 05, 2013 9:21 AM To: NT System Admin Issues Subject: Re: Java 7 patch 13 out... You'll notice that no one took you up on your bet... There's a reason for that. :) ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Tue, Feb 5, 2013 at 9:05 AM, Ziots, Edward ezi...@lifespan.orgmailto:ezi...@lifespan.org wrote: Did I not say like 1-2 days after Java updated to version 7.0 update 13 that the Security explorations folks would post what is still broken in java security wise, expect a update 14 or even 15 soon enough. Cross post from Bugtraq Hello All, Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU [1]. [Issue 29] This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages. Proxy objects defined in a NULL class loader namespaces are of a particular interest here. Such objects can be used to manipulate instances of certain restricted classes. In our Proof of Concept code we create such a proxy object for the com.sun.xml.internal.bind.v2.model.nav.Navigator interface. In order to use the aforementioned proxy object, we need an instance of that interface too. We obtain it with the help of Issue 28, which allows to access arbitrary field objects from restricted classes and interfaces. As a result, by combining Issue 27-29, one can use Navigator interface and make use of its sensitive Reflection API functionality such as obtaining access to methods of arbitrary classes. That condition can be further leveraged to obtain a complete JVM security bypass. Please, note that our Proof of Concept code for Issues 27-29 was reported to Oracle in Apr 2012 and depending Issues 27-28 were addressed by the company sooner than Issue 29. Testing of the PoC will thus give best results on older versions of Java SE 7. [Issue 50] Issue 50 allows to violate a fundamental security constraint of Java VM, which is type safety. This vulnerability is another instance of the problem related to the unsafe deserialization implemented by com.sun.corba.se.impl.io.ObjectStreamClass class. Its first instance was fixed by Oracle in Oct 2011 [2] and it stemmed from the fact that during deserialization insufficient type checks were done with respect to object references that were written to target object instance created by the means of deserialization. Such a reference writing was accomplished with the use of a native functionality of sun.corba.Bridge class. The problem that we found back in Sep 2012 was very similar to the first one. It was located in the same code (class) and was also exploiting direct writing of object references to memory with the use of putObject method. While the first type confusion issue allowed to write object references of incompatible types to correct field offsets, Issue 50 relied on the possibility to write object references of incompatible types to...invalid field offsets. It might be also worth to mention that Issue 50 was found to be present in Java SE Embedded [3]. That is Java version that is based on desktop Java SE and is used in today's most powerful embedded systems such as aircraft and medical systems [4]. We verified that Oracle Java SE Embedded ver. 7 Update 6 from 10 Aug 2012 for ARM / Linux contained vulnerable implementation of ObjectStreamClass class. Unfortunately, we don't know any details regarding the impact of Issue 50 in the embedded space (which embedded systems are vulnerable to it, whether any feasible attack vectors exist, etc.). So, it's up to Oracle to clarify any potential concerns in that area. [Issue 52] Issue 52 relies on the possibility to call no-argument methods on arbitrary objects or classes. The vulnerability has its origin
RE: Java 7 patch 13 out... how to attack Servers via RMI protocol
And guess what here is a way to exploit the servers also, so the Java flaws aren't just for workstations anymore. Cross post from Bugtraq Hello All, Due to the inquiries received regarding our claims pertaining to the possibility of exploiting Java SE vulnerabilities on servers, we've published our Proof of Concept code that illustrates this. The code relies on RMI protocol [1] to deliver a malicious Java class file to a target RMI server. It can be downloaded from our project details page: http://www.security-explorations.com/en/SE-2012-01-details.html Thank You. Best Regards, Adam Gowdiak - Security Explorations http://www.security-explorations.com We bring security research to the new level - References: [1] RMI Wire Protocol http://docs.oracle.com/javase/1.5.0/docs/guide/rmi/spec/rmi-protocol.html Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, February 05, 2013 9:05 AM To: NT System Admin Issues Subject: RE: Java 7 patch 13 out... Did I not say like 1-2 days after Java updated to version 7.0 update 13 that the Security explorations folks would post what is still broken in java security wise, expect a update 14 or even 15 soon enough. Cross post from Bugtraq Hello All, Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU [1]. [Issue 29] This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages. Proxy objects defined in a NULL class loader namespaces are of a particular interest here. Such objects can be used to manipulate instances of certain restricted classes. In our Proof of Concept code we create such a proxy object for the com.sun.xml.internal.bind.v2.model.nav.Navigator interface. In order to use the aforementioned proxy object, we need an instance of that interface too. We obtain it with the help of Issue 28, which allows to access arbitrary field objects from restricted classes and interfaces. As a result, by combining Issue 27-29, one can use Navigator interface and make use of its sensitive Reflection API functionality such as obtaining access to methods of arbitrary classes. That condition can be further leveraged to obtain a complete JVM security bypass. Please, note that our Proof of Concept code for Issues 27-29 was reported to Oracle in Apr 2012 and depending Issues 27-28 were addressed by the company sooner than Issue 29. Testing of the PoC will thus give best results on older versions of Java SE 7. [Issue 50] Issue 50 allows to violate a fundamental security constraint of Java VM, which is type safety. This vulnerability is another instance of the problem related to the unsafe deserialization implemented by com.sun.corba.se.impl.io.ObjectStreamClass class. Its first instance was fixed by Oracle in Oct 2011 [2] and it stemmed from the fact that during deserialization insufficient type checks were done with respect to object references that were written to target object instance created by the means of deserialization. Such a reference writing was accomplished with the use of a native functionality of sun.corba.Bridge class. The problem that we found back in Sep 2012 was very similar to the first one. It was located in the same code (class) and was also exploiting direct writing of object references to memory with the use of putObject method. While the first type confusion issue allowed to write object references of incompatible types to correct field offsets, Issue 50 relied on the possibility to write object references of incompatible types to...invalid field offsets. It might be also worth to mention that Issue 50 was found to be present in Java SE Embedded [3]. That is Java version that is based on desktop Java SE and is used in today's most powerful embedded systems such as aircraft and medical systems [4]. We verified that Oracle Java SE Embedded ver. 7 Update 6 from 10 Aug 2012 for ARM / Linux contained vulnerable implementation of ObjectStreamClass class. Unfortunately, we don't know any details regarding the impact of Issue 50
RE: Java 7 patch 13 out...
Good one I am sure they will bypass the protections in this version within the week, I will just wait for the Post from the Polish Team on Bugtraq. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Mathew Shember [mailto:mathew.shem...@synopsys.com] Sent: Friday, February 01, 2013 8:15 PM To: NT System Admin Issues Subject: RE: Java 7 patch 13 out... O So there is only one exploit! It's Groundhog Day! Patch the exploit. It's Groundhog Day! Patch the exploit. ... From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Friday, February 01, 2013 2:52 PM To: NT System Admin Issues Subject: Re: Java 7 patch 13 out... Exploit to follow tomorrow, which is Groundhog Day. :-) On Friday, February 1, 2013, S Powell wrote: no that's it... i'm off to update... - Sub ubi semper ubi ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.comjavascript:; with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Java 7 patch 13 out...
Firefox now requires you to click to play any plugin (save Flash, and only if it's the most up-to-date version): http://www.pcmag.com/article2/0,2817,2414931,00.asp I don't know if this feature has shown up in any of the ESR versions of FF yet. --Matt Ross Ephrata School District - Original Message - From: Ziots, Edward [mailto:ezi...@lifespan.org] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Mon, 04 Feb 2013 13:46:45 -0800 Subject: RE: Java 7 patch 13 out... Its been beyond ridiculous... and all the 3rd party utilities are always vulnerable (flash, Adobe, Java, etc etc) its what the exploit kits prey on to exploit things. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Stephen Holtz [mailto:ste...@addisonreserve.cc] Sent: Monday, February 04, 2013 2:52 PM To: NT System Admin Issues Subject: RE: Java 7 patch 13 out... This is getting ridiculous! If you don't need java it is getting removed. Stephen L. Holtz, MCSE, MCT Director of Information Technology Addison Reserve Country Club 7201 Addison Reserve Blvd. Delray Beach, Fl. 33446 Ph: 561-455-1220 Cell: 561-441-0646 www.addisonreserve.cchttp://www.addisonreserve.cc/ [ARLogo][PlatinumClub][DistinguishedEmerald] Proudly recognized as a 5-Star Platinum Club of America. This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please notify me by replying to this message and permanently delete the original and any copy of this e-mail and any printout thereof. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, February 04, 2013 2:13 PM To: NT System Admin Issues Subject: RE: Java 7 patch 13 out... Good one I am sure they will bypass the protections in this version within the week, I will just wait for the Post from the Polish Team on Bugtraq. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Mathew Shember [mailto:mathew.shem...@synopsys.com] Sent: Friday, February 01, 2013 8:15 PM To: NT System Admin Issues Subject: RE: Java 7 patch 13 out... O So there is only one exploit! It's Groundhog Day! Patch the exploit. It's Groundhog Day! Patch the exploit. ... From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Friday, February 01, 2013 2:52 PM To: NT System Admin Issues Subject: Re: Java 7 patch 13 out... Exploit to follow tomorrow, which is Groundhog Day. :-) On Friday, February 1, 2013, S Powell wrote: no that's it... i'm off to update... - Sub ubi semper ubi ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.comjavascript:; with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body
Re: Java 7 patch 13 out...
On Mon, Feb 4, 2013 at 5:36 PM, Matthew W. Ross mr...@ephrataschools.org wrote: Firefox now requires you to click to play any plugin (save Flash, and only if it's the most up-to-date version): http://www.pcmag.com/article2/0,2817,2414931,00.asp I don't know if this feature has shown up in any of the ESR versions of FF yet. Click-to-play doesn't and won't exist in 10.0.x. It does in 17.0.x. There's a lot of chatter on the Mozilla Enterprise mailing list about this stuff right now. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Java 7 patch 13 out...
There's a lot of chatter on the Mozilla Enterprise mailing list about this stuff right now. -- Ben Ooh, another list to check out... Thanks Ben. --Matt Ross Ephrata School District - Original Message - From: Ben Scott [mailto:mailvor...@gmail.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Mon, 04 Feb 2013 15:25:29 -0800 Subject: Re: Java 7 patch 13 out... On Mon, Feb 4, 2013 at 5:36 PM, Matthew W. Ross mr...@ephrataschools.org wrote: Firefox now requires you to click to play any plugin (save Flash, and only if it's the most up-to-date version): http://www.pcmag.com/article2/0,2817,2414931,00.asp I don't know if this feature has shown up in any of the ESR versions of FF yet. Click-to-play doesn't and won't exist in 10.0.x. It does in 17.0.x. There's a lot of chatter on the Mozilla Enterprise mailing list about this stuff right now. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Java 7 patch 13 out...
On Mon, Feb 4, 2013 at 6:42 PM, Matthew W. Ross mr...@ephrataschools.org wrote: There's a lot of chatter on the Mozilla Enterprise mailing list about this stuff right now. Ooh, another list to check out... https://mail.mozilla.org/listinfo/enterprise :-) Thanks Ben. You're welcome. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Java 7 patch 13 out...
Exploit to follow tomorrow, which is Groundhog Day. :-) On Friday, February 1, 2013, S Powell wrote: no that's it... i'm off to update... - Sub ubi semper ubi ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com javascript:; with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Java 7 patch 13 out...
If the groundhog pops up and sees yet another Java exploit, do we have to wait six weeks for the patch? Thanks Webster From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Friday, February 01, 2013 4:52 PM To: NT System Admin Issues Subject: Re: Java 7 patch 13 out... Exploit to follow tomorrow, which is Groundhog Day. :-) On Friday, February 1, 2013, S Powell wrote: no that's it... i'm off to update... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Java 7 patch 13 out...
O So there is only one exploit! It's Groundhog Day! Patch the exploit. It's Groundhog Day! Patch the exploit. ... From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Friday, February 01, 2013 2:52 PM To: NT System Admin Issues Subject: Re: Java 7 patch 13 out... Exploit to follow tomorrow, which is Groundhog Day. :-) On Friday, February 1, 2013, S Powell wrote: no that's it... i'm off to update... - Sub ubi semper ubi ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.comjavascript:; with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin