Most serious leaves Windows open to Java attack. Microsoft has warned of three flaws affecting its software, the most serious of which would allow an attacker to gain full control of a PC using Java applets. The warnings, issued Wednesday, are related to the Microsoft Virtual Machine for running Java applets on Windows; a cross-site scripting bug in a component of Windows 2000 and Windows NT 4.0; and a denial-of-service bug affecting Proxy Server 2.0 and ISA Server. WITH THE THREE alerts, Microsoft has issued 12 new warnings so far this year. The Virtual Machine (VM) flaw is the most serious, meriting a “critical” rating from Microsoft. VM ships with most versions of Windows and some versions of Internet Explorer, and is used to run programs called applets written in Sun Microsystems’ Java language. A VM component called the ByteCode Verifier does not correctly check for the presence of certain malicious code when an applet is being loaded, meaning that an attacker could slip malicious code onto a victim’s PC. This malicious applet, which could be delivered via a Web page or an e-mail, could allow the attacker to run code on the PC, doing anything from erasing the hard drive to implanting a “back door” leaving the machine vulnerable to future attacks. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.