Microsoft Java VM bitten by security bug

According to the Princeton Secure Internet Programming Team, a group of security experts, a flaw in Microsoft's Java Virtual Machine (JVM) could potentially give hackers access to user's systems over the Internet. The bug, which affects Internet Explorer 4.0 and 5.0, as well as other products, allows hackers to view, modify, or delete files on the user's system. They could also conceivably copy a virus or other destructive program to the machine.

"The bug is in Microsoft's Java virtual machine, so any software that could take Java code off the Net and feed it to that virtual machine would be vulnerable," said Ed Felten, associate professor of computer science at Princeton University. Felten's claim to fame, of course, was his "IE removal program," which was thrust into the limelight during the Microsoft antitrust trial.

When Felton's group alerted Microsoft to the problem, the company responded by issuing a patch that eliminates the vulnerability. You can find out more, and download the patch, from the Microsoft Web site.

Microsoft will issue the patched version of the JVM in future products, such as Internet Explorer 5.01 and Windows 2000.

"We are unaware of anyone that has been affected by this issue, but encourage users to download the update to ensure they are protected," a Microsoft spokesperson said