Attackers Pounce on Zero-Day Java Exploit

Attackers Pounce on Zero-Day Java Exploit – Krebs on Security If i put Java into the def+ sandbox would this help protect me from this ZD Java Exploit…

Simply following the recommend strategy outlined in the above article should help you immensely.

i just put Java exe’s in the Sandbox under def +… computer security policy and run a program in the sandbox. Don’t know if it will help but does not seem to be a problem yet…

I still have sites that need Java, is there a way to use Defense+ to allow Java to still work yet blocking the exploit ?

Sandboxing the Java EXE’s fails to sandbox them, anything that I try with Defense+ either doesn’t work or blocks Java completely, maybe I’m missing something ?

When i launch the CIS GUI…Under Def+ has blocked ? intrusions…if i click on ? i can see that the Java Exe’s have been sandboxed as restricted the way that i set them to be…i have since uninstalled Java so it doesn’t matter anymore…i need JavaScript turned on in Dragon but don’t need Java installed… It might have been better if i uninstalled Java and installed it again as Sandboxed…

Oracle updated Java 7 (jre 1.7) to update 7 that tackles this problem. Please update your Java.

Java 7 Update 7 is still vulnerable!!!..tsk :frowning: I think we need to disable Java for the moment or uninstall if you do not need it.

Java Users Still Not Safe, Experts Report New Vulnerability to Oracle

Researchers find critical vulnerability in Java 7 patch hours after release

Only 9 of 22 virus scanners block Java exploit

Is it possible to check which websites might have possibly been employing this exploit?

How do you mean? Do you want to post the url’s of those websites here? :o Please notice we do not allow that if that is what you meant.

Do you want to post the url's of those websites here? :o Please notice we do not allow that if that is what you meant.

No, not at all. I meant if there are some kind of databases that keep track of which websites have had users report experiencing this exploit on, or something along that way. Since from what I understood, the code could have been used even on websites that are normally considered ‘safe’, and I would’ve liked to know if I have visited such websites and whether my system has been in danger. Or would it be noticeable?