ID: IRCNE2012071566
Date: 2012-07-28
According to "zdnet", microsoft points to two type-confusion vulnerabilities (CVE-2012-0507 and CVE-2012-1723) that have been very actively exploited in recent months. Redmond thus wants you to do one of three things: update Java, disable it, or uninstall it.
Type-confusion vulnerabilities are effective because they lead to a Sandbox compromise for Java. As a result, Microsoft's first recommendation is to update your Java installation. To check the version of JRE your browser is running, head over to java.com/en/download/installed.jsp and get the latest version.
Microsoft has offered guidance for those who don't want to keep Java updated. The software giant points to Apple's instructions for the Mac (support.apple.com/kb/HT5241) and details its own instructions for Windows:
If you prefer, you may also just disable your current Java Plug-in temporarily to prevent being vulnerable to Java-based threats. To do this, on Windows systems, go to "Control Panel" and select "Java". When the "Java Runtime Environment Settings" dialog box appears, select the "Java" tab. From there, click the "View" button. You can just uncheck the "Enabled" check box to disable that installation from being used by Java Plug-in and Java Web Start. Even though you can disable Java Plug-in on a per-browser basis, this method is most effective in disabling Java Plug-in system-wise.
Microsoft recommended you uninstall Java if you don't use it.
- 2