[NTLUG:Discuss] [Fwd: M$ Java/IE bug]

[Greg E]

Todd Robinson wrote:
> 
>             Technology Headlines Add to My Yahoo!
> 
> 
>       Wednesday February 02 06:30 PM EST
>       Microsoft Java Bug Threatens IE Users
>       David Raikow, ZDNet
> 
>       As it continues its battle with Sun Microsystems over the future of Java, Microsoft is finding itself facing an entirely different type of obstacle: a newly uncovered security glitch in its Java Virtual Machine (JVM).
> 
>       According to a report by Dr. Hiromitsu Takagi of the Japanese Ministry of International Trade and Industry, the bug may allow an attacker to steal files from Web surfers who are using versions 4, 5 and 5.01 of Microsoft's Internet Explorer (IE) browser that include Microsoft's JVM. (Microsoft makes the JVM an optional, user-selectable component of IE.)
> 
> 
> 
>       As described in Takagi's report, the hole can be exploited by inserting a single line of code into a Java applet, and embedding that applet in a Web page. An IE browser accessing the page will download and execute the applet automatically, which will then read specific files on the user's machine. The applet may then transmit the files back to a Web server or forward them as an e-mail attachment.
> 
>       Takagi says he believes the problem is "very serious. ... Attacking applets can be implemented too much easily."
> 
>       He recommends that IE users disable Java until Microsoft releases a patch; alternatively, he suggests users download Sun's Java plug-in, or switch to Netscape Navigator.
> 
>       A Microsoft spokesperson stated that this Java VM hole "was reported into secure at microsoft.com a little while ago. Currently, Microsoft is looking into this issue."
> 
>       This isn't the first JVM problem Microsoft has had. The company last year issued patches for more than one Java VM bug. See this story in context on ZDNet

-- 
Greg Edwards
972-519-3793