The number of hacker attacks exploiting vulnerabilities in Oracle's Java remains large, Microsoft reported on Monday.
Citing recent research, Tim Rains, director of Microsoft's Trustworthy Computing group, noted that nearly half of all attacks detected and blocked during the 12-month period were Java exploits. In total, from mid-2010 to mid-2011, more than 27 million Java exploits were stopped. Most of these attacks used unpatched vulnerabilities, Rains said.
The single most common exploit accounted for more than 2.5 million blocked attacks in the first half of 2011. Notably, the software flaw that this exploit targets was discovered in March 2010 and patched by Oracle at that time. The second most popular exploit over the 12-month period targeted a flaw fixed at the beginning of December 2008, nearly three years ago. Several other flaws actively used by attackers had been fixed by patches in November 2009 and March 2010.
Microsoft's findings did not come as a surprise to independent security researchers. "Most Windows PCs simply have not updated Java," said Wolfgang Kandek, chief technology officer at Qualys. "Java updates lag far behind. On 84% of machines we did not find the June 2011 Java update, 81% do not have the February 2011 update, and on 60% the March 2010 update is not installed."
Qualys does not yet have enough data to rate the adoption of Oracle's October 2011 patches, but by Kandek's estimate more than 90% of Windows users have not yet installed them. When it comes to vulnerabilities in the Windows OS itself, corporate users usually act much faster, Kandek noted. According to him, for ordinary flaws, half of the machines running this OS are patched within 29 days. Critical patches are rolled out even faster: in about 15 days.
The prevalence of Java is one explanation for the large number of attacks exploiting software flaws, said Andrew Storms, director of security operations at nCircle. "Java is not something most users interact with... It is similar to Adobe Flash or Reader," Storms noted. "It is on every computer, but you rarely interact with it. From the attackers' point of view, using Java as a silent killer is a reasonable move. If people do not know what it is and do not know what this program does, they are less inclined to update it. You can imagine that there are a lot of old vulnerabilities out there."
Qualys recommends that companies which must keep running outdated Java applications isolate them from the rest of the network. The hackers who build exploit kits constantly add new Java exploits to their products, supplementing older but still effective exploits for old vulnerabilities, Kandek emphasized. Such malware kits are already equipped with exploits for the vulnerabilities Oracle fixed in October.