10 JAN 2013
A remote code execution vulnerability exists in the following versions of Java:
The vulnerability allows attackers to remotely execute arbitrary code in a vulnerable system. To exploit this vulnerability, an attacker must lure users to access a compromised website or a malicious webpage, where a malicious Java applet targeting the vulnerability is hosted. The execution of the malicious applet within the browser of the unsuspecting user then allows the attacker to execute arbitrary code in the vulnerable system. Users with vulnerable systems may find themselves infected with ransomware, which Trend Micro detects as TROJ_REVETON.RJ and TROJ_REVETON.RG. Exposure to such malware may result in financial loss.
Note that Java Development Kit and Java Runtime Environment versions 6, 5.0 and 1.4.2, and Java Standard Edition Embedded JRE releases are not affected by this vulnerability.
It is strongly advised to download Java's latest update, which patches the vulnerability targeted by this attack. The patch increments the latest version of Java 7 to Update 11, and may be downloaded from the official Java website.
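The version rule above can be turned into a quick inventory check. The following is an added example, not part of the original advisory: it classifies `java -version` output using only the facts stated here (Java 7 is fixed as of Update 11; versions 6, 5.0 and 1.4.2 are not affected). The function names and the sample host inventory are constructed for illustration.

```python
import re

# Legacy Java version strings look like 1.<major>.<minor>_<update>, e.g. "1.7.0_10".
VERSION_RE = re.compile(r'version "1\.(\d+)\.(\d+)(?:_(\d+))?[^"]*"')

PATCHED_JAVA7_UPDATE = 11  # per the advisory, Update 11 carries the fix


def classify(version_output):
    """Return 'update-required', 'patched', 'not-affected' or 'unknown'.

    Limitation: Java SE Embedded JRE releases (not affected per the advisory)
    are not distinguished here and are classified by version number alone.
    """
    m = VERSION_RE.search(version_output)
    if not m:
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2))
    update = int(m.group(3) or 0)  # "1.7.0" with no suffix means no update applied
    if major == 7:
        return "patched" if update >= PATCHED_JAVA7_UPDATE else "update-required"
    if major in (5, 6) or (major == 4 and minor == 2):
        return "not-affected"
    return "unknown"


def hosts_needing_update(inventory):
    """Given {hostname: `java -version` output}, list hosts below Java 7 Update 11."""
    return sorted(h for h, out in inventory.items()
                  if classify(out) == "update-required")


# Constructed sample inventory (hostnames and outputs are illustrative).
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_10"\nJava(TM) SE Runtime Environment (build 1.7.0_10-b18)',
    "ws-02": 'java version "1.7.0_11"',
    "ws-03": 'java version "1.6.0_38"',
    "ws-04": 'java version "1.7.0"',
    "ws-05": "java: command not found",
}

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(host, "is running Java 7 below Update 11")
```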
Java may be part of some applications that you are using regularly. If you must use Java, some useful tips are available on using Java safely.
If you need to disable Java, you may perform the following steps:
Disabling Java in Internet Explorer:
To prevent any Java app, signed or unsigned, from running in Internet Explorer:
Find out how to open the Java Control Panel, which varies depending on your operating system and browser, through this Oracle page.
Setting the Security Level of Unsigned Apps
A security level has been added to the Java Control Panel, accessible through its Security tab. This enables you to control the browser's behavior when it attempts to run unsigned apps. You can select Low, Medium, High or Very High security settings.
The default security level is High, where you are prompted before an unsigned Java app runs in the browser. You are given an option to update Java first if it is below the security baseline.
You may also prevent unsigned apps from running at all by setting the slider to Very High.
Trend Micro Solutions
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
|---|---|---|---|---|---|
| | CVE-2013-0422 | 1004771 | Identified Malicious Java JAR Files | 12-Jan-13 | YES |
| | | 1005177 | Restrict Java Bytecode File (Jar/Class) Download | | YES |