IT Pro Today is part of the Informa Tech Division of Informa PLC

INFORMA PLC|ABOUT US|INVESTOR RELATIONS|TALENT

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Documents Online Events Advertise About

Newsletter Sign-Up

Cloud

Recent in Cloud

SEE ALL Cloud

healthcare administrator transferring patient data via cloud computing applications

Cloud Computing

5 Best Practices for Achieving Healthcare Cloud Compliance 5 Best Practices for Achieving Healthcare Cloud Compliance

byChristopher Tozzi

Jul 1, 2024

4 Min Read

business people preparing audio visual presentation on collaboration in conference room

Unified Communications

How OpenAI Could Shape the Next Wave of Collaborative Platforms How OpenAI Could Shape the Next Wave of Collaborative Platforms

byEric Krapf, No Jitter

Jun 28, 2024

3 Min Read

Recent in OS

See All OS

abstract string backgroud

PowerShell

Advanced String Manipulation Techniques in PowerShell Advanced String Manipulation Techniques in PowerShell

byBrien Posey

Jun 28, 2024

3 Min Read

pins with words zero trust on a cybernetic board

Linux OS

How To Implement Zero-Trust Security in Linux Environments How To Implement Zero-Trust Security in Linux Environments

byGrant Knoetze

Jun 26, 2024

8 Min Read

IT Mgmt

Recent in IT Mgmt

See All IT Mgmt

person pressing an "IT" button

IT Management

Well-Intentioned Things IT Leaders Do That Hurt Team Productivity Well-Intentioned Things IT Leaders Do That Hurt Team Productivity

byInformationWeek

Jul 1, 2024

2 Min Read

two workers collaborating on computers

IT Operations

Duplicate Tech: A Bottom-Line Issue Worth Resolving Duplicate Tech: A Bottom-Line Issue Worth Resolving

byIndustry Perspectives

Jul 1, 2024

5 Min Read

Career

Recent in Career

See All Career Mgmt

person pressing an "IT" button

IT Management

Well-Intentioned Things IT Leaders Do That Hurt Team Productivity Well-Intentioned Things IT Leaders Do That Hurt Team Productivity

byInformationWeek

Jul 1, 2024

2 Min Read

worker frustrated by coworker's loud talking on the phone

Career Tips

The New Work Etiquette: If You Can't Spot the Jerk, It Might Be You The New Work Etiquette: If You Can't Spot the Jerk, It Might Be You

byThe Washington Post

Jun 27, 2024

6 Min Read

Storage

Recent in Storage

See All Data Storage

data floating

IT Operations

How IT Operations Can Play a Critical Role in Data Management How IT Operations Can Play a Critical Role in Data Management

byChristopher Tozzi

Jun 21, 2024

4 Min Read

virtual data stack

Data Storage

How to Build a Data Stack That Actually Puts You in Charge of Your Data How to Build a Data Stack That Actually Puts You in Charge of Your Data

byIndustry Perspectives

Jun 14, 2024

8 Min Read

Security

Recent in Security

See All IT Security

suspicious executive checking smart phone sitting on a desk at the office

Data Privacy

Is That App Sketchy? Here Are 3 Easy Ways To Check.Is That App Sketchy? Here Are 3 Easy Ways To Check.

byThe Washington Post

Jul 1, 2024

3 Min Read

aerial view of a car dealership lot

Attacks & Breaches

Hacked Software Firm CDK Expects All Dealers Live by July 4 Hacked Software Firm CDK Expects All Dealers Live by July 4

byBloomberg News

Jul 1, 2024

2 Min Read

Dev

Recent in Dev

See All Software Dev

cloud-native

Cloud Native

How Cloud-Native Development Benefits SaaS How Cloud-Native Development Benefits SaaS

byForrester Blog Network

Jun 28, 2024

3 Min Read

blurred programmer behind screen of code

Software Development Techniques

AI-Assisted Development Tools vs. Low-Code/No-Code: What to Use When AI-Assisted Development Tools vs. Low-Code/No-Code: What to Use When

byChristopher Tozzi

Jun 27, 2024

4 Min Read

Recent in DX

See All Digital Transformation

the logo of Apple is displayed on a mobile phone screen with artificial intelligence written in the background

AI & Machine Learning

Apple Offers Free AI Training for Developer Academy Students Apple Offers Free AI Training for Developer Academy Students

byBen Wodecki, AI Business

Jul 1, 2024

1 Min Read

ChatGPT login screen seen on smartphone and laptop displays.

AI & Machine Learning

OpenAI Releases CriticGPT to Catch Chatbot Hallucinations – Is It Enough?OpenAI Releases CriticGPT to Catch Chatbot Hallucinations – Is It Enough?

byDayneé Alejandra Rosales

Jul 1, 2024

2 Min Read

Infrastructure

Recent in Infrastructure

See All Infrastructure

Arati Prabhakar, director of the White House's Office of Science and Technology Policy

High Performance Computing

Biden’s Science Adviser Explains the New Hard Line on China Biden’s Science Adviser Explains the New Hard Line on China

byThe Washington Post

Jun 4, 2024

7 Min Read

Newsletters
How To…?
Industry Perspectives
Business Resources
Reports/Research
Online Events

Live Events
Videos
White Papers
Advertise With Us
About Us

Resource Library

Java
Software Development
Programming Languages

Microsoft's Java VM Exposes User Credentials

A flaw in the Java VM could allow a Web site operator to use a visiting user's credentials to gain access to protected data.

ITPro Today

August 21, 2000

1 Min Read

Reported August 21, 2000 by Microsoft

VERSIONS AFFECTED

Microsoft Java VM Series 2000, 3100, 3200, 3300 (installed with Internet Explorer 4.x and 5.x)

DESCRIPTION

By design, the browser-based Java VM runs untrusted Java applets within a security sandbox that restricts the applet's access to user's system. However, a flaw in the sandbox design could allow a Web site operator to use a visiting user's credentials to gain access to protected data.

VENDOR RESPONSE

Microsoft has released FAQ #FQ00-059, Support Online article Q271752, and patches for the affect versions.

To determine your Java VM version open a command window and enter the command "jview", which will display the version number.

According to Microsoft's bulletin,

All 2000 series Microsoft VM customers should install Microsoft VM build 2446
All 3100 series Microsoft VM customers should upgrade to build 3309 and install the 3314 security patch
3200 series Microsoft VM customers should do one of the following:
- All 3200 builds:
  Upgrade to build 3309 and install the 3314 security patch
- Builds 3229–3234:
  Install the security patch from Bulletin MS00-011 before installing this new 3314 security patch
- Build 3240:
  Install the 3314 security patch
All 3300 series Microsoft VM customers should install the 3314 security patch