Department of Homeland Security Warns Businesses About a Java Vulnerability
They go as far as recommending that it be disabled, as there is no security patch yet.
I’m always looking out for security alerts. But it is such a standard practice to run all your security patches, both Windows and third-party, that I often don’t send much out if an issue is covered by a known security patch. Most of our clients either know to run them or they are on our monitoring and know that all these patches are in place.
When the Department of Homeland Security sends out an official recommendation to disable Java 7, it’s time to listen up.
Official DHS warning
This is important. We had two major infections last week. Both started from some kind of malicious code in an ad on Facebook, and once it infected the computer, the computer infected every mapped drive it could find. At that point anyone who executed a file off that drive got infected. And I am talking about fully patched machines, with antivirus, protected by a great firewall running gateway security services!! What more can you do? At that point the only thing left is user education, and if that doesn’t work, blocking non-business web sites.
More articles.
US Government advises users to disable Java
Feds warn users about disabling Java
If you are on our monitoring service, I will be querying all machines to find out who has Java 7 and will be in touch with you directly. If you are not on our patch management, PLEASE have someone at your business check machines to see who has Java version 7, using Add/Remove Programs in Windows XP or Programs and Features in Windows 7 and higher, and follow these instructions if possible: Disable Java? Here’s how. Or downgrade to Java 6.
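For anyone who would rather script that check than open Add/Remove Programs on each machine, here is an added example (not from the original post, and not the query our monitoring service runs) that reads the same uninstall registry entries and flags Java 7. The function names and the display-name pattern are assumptions; the sample entries are constructed.

```powershell
# Added example. Requires PowerShell 3.0 or later.
# Reads the uninstall registry keys (the data behind Add/Remove Programs and
# Programs and Features) and flags every Java 7 entry.

function ConvertTo-JavaRecord {
    # Hypothetical helper: classify one uninstall entry, return nothing if it is not Java.
    param([string]$DisplayName, [string]$DisplayVersion)
    # Assumption: entries are named like "Java 7 Update 10", "Java(TM) 6 Update 37"
    # or "Java SE Development Kit 7 Update 10".
    $pattern = '^Java(\(TM\))?( SE Development Kit)? (?<major>\d+)( Update (?<update>\d+))?'
    if ($DisplayName -match $pattern) {
        $major = [int]$Matches['major']
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $DisplayName
            Version  = $DisplayVersion
            Major    = $major
            Update   = if ($Matches['update']) { [int]$Matches['update'] } else { 0 }
            # The advisory covers Java 7 as a whole, so every Java 7 entry is flagged.
            Action   = if ($major -eq 7) { 'Disable or downgrade to Java 6' }
                       else { 'No action under this advisory' }
        }
    }
}

function Get-InstalledJava {
    # Native view plus the 32-bit view on 64-bit Windows; a missing key is skipped.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object { ConvertTo-JavaRecord $_.DisplayName $_.DisplayVersion }
}

# Constructed sample entries (not from a real machine) to show the classification.
$sample = @(
    @{ DisplayName = 'Java 7 Update 10';     DisplayVersion = '7.0.100' },
    @{ DisplayName = 'Java(TM) 6 Update 37'; DisplayVersion = '6.0.370' },
    @{ DisplayName = 'Java Auto Updater';    DisplayVersion = '2.1.9.0' }
)
$sample | ForEach-Object { ConvertTo-JavaRecord $_.DisplayName $_.DisplayVersion } |
    Format-Table Name, Version, Action -AutoSize

# The real check on the local machine:
Get-InstalledJava | Sort-Object Major -Descending | Format-Table -AutoSize
```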
I’m guessing Java will have a patch available very soon!
Written by Bret Erickson of Passkey Computer Services
http://www.passkeyinc.com @passkeycs