Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Out-of Order Java Update

Published: 2016-02-09
Last Updated: 2016-02-09 14:12:28 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

Oracle released an emergency update for Java [1]. The nature of the flaw, and how the update fixes the flaw, is somewhat obscured. According to Oracle's advisory, the user would first have to install malicious software, then install Java. So it doesn't appear to be exploitable on any system that has Java already installed. The Oracle advisory also states that an exploit is complex.

At this point, I don't see a compelling reason to "rush out" this patch. Deal with it as part of your regular patch process. Some of the Microsoft patches to be released later today are likely more important.

[1] https://blogs.oracle.com/security/entry/security_alert_cve_2016_0603

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords:
3 comment(s)
Diary Archives