Microsoft's Java VM Exposes User Credentials
A flaw in the Java VM could allow a Web site operator to use a visiting user's credentials to gain access to protected data.
August 21, 2000
Reported August 21, 2000 by Microsoft
VERSIONS AFFECTED
Microsoft Java VM Series 2000, 3100, 3200, 3300 (installed with Internet Explorer 4.x and 5.x)
DESCRIPTION
By design, the browser-based Java VM runs untrusted Java applets within a security sandbox that restricts the applet's access to the user's system. However, a flaw in the sandbox design could allow a Web site operator to use a visiting user's credentials to gain access to protected data.
VENDOR RESPONSE
Microsoft has released FAQ #FQ00-059, Support Online article Q271752, and patches for the affected versions.
To determine your Java VM version, open a command window and enter the command "jview", which will display the version number.
According to Microsoft's bulletin,
All 2000 series Microsoft VM customers should install Microsoft VM build 2446
All 3100 series Microsoft VM customers should upgrade to build 3309 and install the 3314 security patch
3200 series Microsoft VM customers should do one of the following:
All 3200 builds: Upgrade to build 3309 and install the 3314 security patch
Builds 3229–3234: Install the security patch from Bulletin MS00-011 before installing this new 3314 security patch
Build 3240: Install the 3314 security patch
All 3300 series Microsoft VM customers should install the 3314 security patch
CREDIT
Discovered by Microsoft