
12/01/2011

Nearly half of attacks exploit Java vulnerabilities for lack of updates

Nearly half of attacks exploit Java vulnerabilities for lack of updates, according to the Microsoft Security Intelligence Report.

Exploits in the first half of 2011 were largely associated with vulnerabilities in the Java family of products, a technology maintained by Oracle.

The Microsoft Security Intelligence Report indeed notes a record: one-third to one-half of exploits are due to flaws in the Java Runtime Environment (JRE), the Java Virtual Machine (JVM) and the JDK.

Oracle is not unduly slow to offer patches; the problem lies in their deployment, according to Tim Rains, director of Trustworthy Computing at Microsoft.

"Many of the most commonly exploited Java vulnerabilities are old, and have had security updates for years." The exploits attackers use are therefore long-lived, because attackers who develop or buy exploit kits continue to get a positive return on investment, Tim Rains observes.

For example, the most exploited vulnerability (CVE-2010-0840, affecting the JRE) was patched in March 2010, yet only gained popularity among attackers in the last quarter of that year.

The problem is made worse because several major versions of the runtime often coexist on the same machine (because of applications that require their presence).

Microsoft's report is based on the number of exploits stopped by the anti-malware solution, which blocked 27.5 million attacks over the past 12 months.
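The coexisting runtime versions and lagging updates described above can be checked with a small inventory audit. The following is an added example, not code from the report or from Microsoft; the directory names, the `audit` and `parse_install` helpers and the baseline policy are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches versioned Java install directory names such as "jre1.6.0_18" or "jdk1.5.0_22".
_DIR_RE = re.compile(r"^(jre|jdk)1\.(\d+)\.(\d+)(?:_(\d+))?$", re.IGNORECASE)

def parse_install(dirname):
    """Return (kind, family, update) for a Java install directory name, or None."""
    m = _DIR_RE.match(dirname.strip())
    if not m:
        return None
    kind, family, _minor, update = m.groups()
    return kind.lower(), int(family), int(update or 0)

def audit(dirnames, baseline):
    """Flag coexisting families and installs below the per-family baseline update.

    baseline maps family -> minimum acceptable update number; a family missing
    from the map is treated as unsupported and always flagged.
    """
    by_family = defaultdict(list)
    unparsed = []  # names without a version, to be checked by other means
    for name in dirnames:
        parsed = parse_install(name)
        if parsed is None:
            unparsed.append(name)
        else:
            by_family[parsed[1]].append((name, parsed[2]))
    findings = []
    if len(by_family) > 1:
        findings.append(("coexisting-families", sorted(by_family)))
    for family, installs in sorted(by_family.items()):
        floor = baseline.get(family)
        for name, update in sorted(installs):
            if floor is None:
                findings.append(("unsupported-family", name))
            elif update < floor:
                findings.append(("below-baseline", name))
    return findings, unparsed

# Constructed inventory and constructed baseline policy (not taken from the report).
SAMPLE_DIRS = ["jre1.6.0_18", "jre1.6.0_29", "jdk1.5.0_22", "jre1.4.2_19", "jre6"]
SAMPLE_BASELINE = {6: 29}

if __name__ == "__main__":
    findings, unparsed = audit(SAMPLE_DIRS, SAMPLE_BASELINE)
    for kind, detail in findings:
        print(kind, detail)
    print("unparsed:", unparsed)
```

A directory such as `jre6` carries no update number in its name, so it is returned as unparsed and its version has to be read from the runtime itself.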

While Tim Rains prefers to stress the need for users and sysadmins to apply updates, Chester Wisniewski of Sophos advises doing without Java altogether: "Most people do not use Java nowadays and it [not installing Java] reduces the attack surface from the Internet," he says.


*Download the report


Source: Microsoft's official security blog.
 
