Java开发网 Java开发网
注册 | 登录 | 帮助 | 搜索 | 排行榜 | 发帖统计  

您没有登录

» Java开发网 » Java Security  

按打印兼容模式打印这个话题 打印话题    把这个话题寄给朋友 寄给朋友    该主题的所有更新都将Email到你的邮箱 订阅主题
flat modethreaded modego to previous topicgo to next topicgo to back
作者 Microsoft plugs eight holes in its Java software
menzy



版主


发贴: 754
积分: 113
于 2002-12-17 07:21 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
December 12, 2002 8:06 am PT

from www.infoworld.com
====看看,早就知道M$不是什么好东西=====
====搞坏对手的汤,最好方法就是往他们的锅里放老鼠屎====

A SERIOUS SECURITY flaw in Microsoft's virtual machine (VM) found on most Windows PCs could allow an attacker to take over a user's system, Microsoft warned late Wednesday. A fixed version of the software is available.

Microsoft's VM is used for running Java applications on Windows PCs and comes with most Windows and Internet Explorer versions. All builds up to and including build 5.0.3805 are affected by eight security flaws, six of which pose a "low" or "moderate" risk to users, Microsoft said in security bulletin MS02-069. (http://www.microsoft.com/technet/security/bulletin/MS02-069.asp)

Two vulnerabilities, however, are serious. Exploiting a "critical" flaw in a security feature of the VM could allow an attacker to gain control over a user's system, while another "important" flaw could be exploited to trick the VM into giving an attacker read access to files on a user's PC and network drives, Microsoft said.

Under Microsoft's security rating system, changed last month, critical vulnerabilities are those that could be exploited to allow malicious Internet worms to spread without user action. Important are those vulnerabilities that could expose user data or threaten system resources.

An attacker could exploit the VM flaws by luring a user to an especially coded Web page or sending that page via HTML (Hypertext Markup Language) e-mail, Microsoft said. The Redmond, Washington, company urges users to upgrade to VM build 3809, which is available from the Windows Update Web site.

Users can check if and what version of Microsoft's VM is installed by opening a command box and entering "jview." VM is installed when a program runs. The version number appears in the topmost line.

Also on Wednesday, Microsoft issued two other security bulletins warning of issues with various Windows versions.

Deemed "important" is a privilege elevation vulnerability in Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000 and Windows XP. A malicious user could gain administrative privileges on a system by exploiting the flaw which lies in a Windows function, Microsoft said in security bulletin MS02-071. (http://www.microsoft.com/technet/security/bulletin/MS02-071.asp)

A third Microsoft bulletin, MS02-070, details a "moderate" risk vulnerability in Windows 2000 and Windows XP without Service Pack 1 installed. An attacker could change group policy data received by client systems by silently disabling the signing of Server Message Block (SMBlack Eye packets, Microsoft said. (http://www.microsoft.com/technet/security/bulletin/MS02-070.asp)



话题树型展开
人气 标题 作者 字数 发贴时间
10147 Microsoft plugs eight holes in its Java software menzy 2707 2002-12-17 07:21

flat modethreaded modego to previous topicgo to next topicgo to back
  已读帖子
  新的帖子
  被删除的帖子
Jump to the top of page

   Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent
Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1
客服电话 18559299278    客服信箱 714923@qq.com    客服QQ 714923