US-CERT Cyber Security Alert SA08-193A -- Sun Updates for Multiple Vulnerabilities

National Cyber Alert System
Cyber Security Alert SA08-193A

Sun Updates for Multiple Vulnerabilities

Original release date: July 11, 2008
Last revised: --
Source: US-CERT

Systems Affected

Sun Java Runtime Environment versions

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier
SDK and JRE 1.3.1_22 and earlier

Overview

By convincing you to visit a malicious website, an attacker could use a vulnerability in Sun Java to gain control of your computer. You may have Java on your computer without even realizing it.

Solution

Apply an update from Sun

Sun has released updates that fix these vulnerabilities. As illustrated on the Java website, follow these instructions to update your version of Java:

From the Start menu, open the Control Panel.

Click the Java icon to open the Java Control Panel. (If you do not see the icon, Java is probably not installed on your computer.)

Select the Update tab and click the Update Now button. (If you do not see an Update tab, your version of Java does not support updates, or you must log in as an Administrator.)

We also recommend enabling Automatic Updates for Java. To enable Automatic Updates, go to the Update tab of the Java Control Panel and select the Check for Updates Automatically check box.

Leaving older versions of Java on your computer after the update could expose you to security risks. You may want to remove the older versions by following Sun's instructions.

Disable Java

We recommend that users disable Java in their web browser. Disabling Java in your web browser will not fix the vulnerability, but it may prevent an attacker from being able to take advantage of it. Instructions for disabling Java are available in the Securing Your Web Browser document.

Description

Vulnerabilities in Sun Java may allow an attacker to access your computer, install and run malicious software on your computer, or cause your computer to crash. An attacker could exploit these vulnerabilities by convincing you to view a malicious web document.

For more technical information, see US-CERT Technical Alert TA08-193A.

References

US-CERT Technical Cyber Security Alert TA08-193A - <http://www.us-cert.gov/cas/techalerts/TA08-193A.html>

What is Java Update? - <http://www.java.com/en/download/help/5000020700.xml>

Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>

Feedback can be directed to US-CERT.

Produced 2008 by US-CERT, a government organization. Terms of use

Revision History

July 11, 2008: Initial release

Last updated July 14, 2008

US-CERT: United States Computer Emergency Readiness Team