CIS Premium protect against this new java thing DHS is warning about?

[Guest]

[christophera]

This java exploit thing that the Department of Homeland Security is warning about and telling people to turn off their java: Mal/JavaJar-B

I have CIS 5.12.256..... with the last db update being 1/12/2013

Am I protected against this?

Should I still follow the instructions to turn java off?

Thanks,

Chris

[SanyaIV]

I can't answer your question but I'd recommend updating to the latest version and turning off Java for web-browsers until there is more information.

You can install the latest version from here: https://java.com/en/download/manual.jsp

You can turn off browser support by going to Control Panel > Programs > Java > Security > untick "Enable Java content in the browser"

[Radaghast]

If you don't use Java remove it. If you do need it, disable it until it's needed.

[naren]

If I disable Java, would I get the yellow bar to run Java once/permanently for the site in IE or I would have to enable Java manually.

Any offline program install if needs Java, I would have to enable Java manually, right?

[DrHaze]

https://community.rapid7.com/community/metasploit/blog

here's an article on the whole thing...i would be careful

[jbustter]

from what i understand, Comodo does not block the exploit, but can probably still detect programs that get to your computer though it and is most likely getting signatures of the latest viruses that abuse it. the main problem (and i am just guessing right now) is that hackers can use this exploit to download and run unwanted programs on your computer, without you being able to see or agree to that download. am i guessing right?

[EricJH]

The latest Java (update 11) protects against this particular exploit. It also changes the security level from Medium to High. Disabling the plugin is another option,

[Tags:]