Microsoft: Patch critical flaw in Windows Java machine


Windows users should urgently patch two software flaws that could allow an attacker to take control of their PCs, Microsoft has warned.

The problems, which the company describes as "critical," lie in Microsoft's virtual machine (VM) software for running Java applications on Windows computers. All versions of the VM, including the latest 5.0.3805, are affected, Microsoft said in a security bulletin.

The first flaw lies in a feature that allows Java applications to connect to databases, the second in a function that supports the use of XML (Extensible Markup Language) by Java applications, Microsoft said.

To exploit the flaws, an attacker would have to send the user an e-mail in HTML (Hypertext Markup Language) format or lure a user to a specially crafted Web site. An attacker could carry out virtually any desired action on a user's system after a successful attack, according to Microsoft.

The VM is a standard part of most versions of Windows and is delivered with the Internet Explorer Web browser. It has also been made available as a separate download, Microsoft said.

On Wednesday (18 September) Microsoft also disclosed a third, less serious flaw in the database support functions of its VM. Exploiting this flaw, classified "low" on Microsoft's severity rating, would at least crash Internet Explorer, but could allow an attacker to run code on the user's computer, Microsoft said.
