Microsoft: Patch critical flaw in Windows Java machine

News

Microsoft: Patch critical flaw in Windows Java machine

Windows users should urgently patch two software flaws that could allow an attacker to take control of their PCs, Microsoft has warned.

The problems, which the company describes as "critical," lie in Microsoft's virtual machine (VM) software for running Java applications on Windows computers. All versions of the VM, including the latest 5.0.3805, are affected, Microsoft said in a security bulletin.

The first flaw lies in a feature that allows Java applications to connect to databases, the second in a function that supports the use of XML (Extensible Markup Language) by Java applications, Microsoft said.

To exploit the flaws, an attacker would have to send the user an e-mail in HTML (Hypertext Markup Language) format or lure a user to a specially crafted Web site. An attacker could carry out virtually any desired action on a user's system after a successful attack, according to Microsoft.

The VM is a standard part of most versions of Windows and is delivered with the Internet Explorer Web browser. It has also been made available as a separate download, Microsoft said.

On Wednesday (18 September) Microsoft also disclosed a third, less serious flaw in the database support functions of its VM. Exploiting this flaw, classified "low" on Microsoft's severity rating, would at least crash Internet Explorer, but could allow an attacker to run code on the user's computer, Microsoft said.

Further information
www.microsoft.com/technet/security/bulletin/MS02-052.asp

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy