Microsoft squashes Java security bugs

A serious security flaw in Microsoft's virtual machine (VM) found on most Windows PCs could allow an attacker to take over a user's system, Microsoft warned late Wednesday. A fixed version of the software is available.

Microsoft's VM is used for running Java applications on Windows PCs and comes with most Windows and Internet Explorer versions. All builds up to and including build 5.0.3805 are affected by eight security flaws, six of which pose a "low" or "moderate" risk to users, Microsoft said in security bulletin MS02-069

Two vulnerabilities, however, are serious. Exploiting a "critical" flaw in a security feature of the VM could allow an attacker to gain control over a user's system, while another "important" flaw could be exploited to trick the VM into giving an attacker read access to files on a user's PC and network drives, Microsoft said.

Under Microsoft's security rating system, changed last month, critical vulnerabilities are those that could be exploited to allow malicious Internet worms to spread without user action. Important are those vulnerabilities that could expose user data or threaten system resources. An attacker could exploit the VM flaws by luring a user to an especially coded Web page or sending that page via HTML (Hypertext Markup Language) e-mail, Microsoft said. The Redmond, Washington, company urges users to upgrade to VM build 3809, which is available from the Windows Update Web site.

View: Full Story

News source: PC World Australia

Report a problem with article
Previous Story

Microsoft offers bribes to drop antitrust appeal

Next Story

Apple reluctant to drop Mac OS 9

1 Comments

I wonder if that has anything to do with Microsoft initially deciing to ship XP without Java VM. I know that Sun has constantly made it difficult for Microsoft to update or even include the Java VM technology in Windows.

Commenting is disabled on this article.