
Oracle fixes serious Java vulnerability for Windows

Oracle has released an unplanned update for Java: Java 8 Update 73 (8u73), along with 6u113 and 7u97. The new versions fix the vulnerability CVE-2016-0603 (Security Alert for CVE-2016-0603), which allows attackers to compromise the system while the product is being installed from Java 6, 7 and 8 distributions. The vulnerability is in the installer component (Windows Installer): it can execute certain files that an attacker has placed in advance in the user's downloads directory (Downloads).



The vulnerability is relatively difficult to exploit, since attackers need to place the necessary files in the downloads directory before the user launches the installer, so its CVSS score (7.6) is not at the highest severity level. However, if the attack scenario succeeds, attackers will be able to gain complete control over the system, since the attacker's DLL will be executed in the context of a process with elevated Administrator rights.

Since the vulnerability is in the installer, and not in the installed software's files, users who already have the product installed do not need to update it. Users who have already downloaded distributions of previous versions are advised to remove them and download the updated ones.
It is necessary to upgrade your installation to address the vulnerability. However, Java users who have distributions of versions prior to 6u113, 7u97 or 8u73 should download the updated ones.
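The cleanup recommended above can be scripted. The following is an added example, not code from Oracle or from the article: it flags Java installers in a downloads directory that predate 6u113, 7u97 or 8u73 and lists any DLLs stored beside them. The installer file-name pattern (for example `jre-8u71-windows-x64.exe`) and the `Downloads` path are assumptions.

```python
import re
from pathlib import Path

# First fixed update per Java family, as stated in the article.
FIXED_UPDATE = {6: 113, 7: 97, 8: 73}

# Assumed Oracle installer naming, e.g. jre-8u71-windows-x64.exe or
# jdk-7u95-windows-i586.exe; renamed copies will not be recognised.
INSTALLER_RE = re.compile(
    r"^(?:jre|jdk)-(\d+)u(\d+)-windows-[\w-]+\.exe$", re.IGNORECASE)


def classify_installer(name):
    """Return (family, update, vulnerable) for a Java installer name, else None."""
    m = INSTALLER_RE.match(name)
    if not m:
        return None
    family, update = int(m.group(1)), int(m.group(2))
    fixed = FIXED_UPDATE.get(family)
    # Families the article does not mention are reported but not flagged.
    return family, update, fixed is not None and update < fixed


def audit_downloads(directory):
    """List installers predating the fix and any DLLs stored beside them."""
    stale, dlls = [], []
    for entry in sorted(Path(directory).iterdir()):
        if not entry.is_file():
            continue
        if entry.suffix.lower() == ".dll":
            # The installer can load files from this directory, so any DLL
            # here deserves a look before an installer is launched.
            dlls.append(entry.name)
            continue
        info = classify_installer(entry.name)
        if info and info[2]:
            stale.append(entry.name)
    return stale, dlls


if __name__ == "__main__":
    stale, dlls = audit_downloads(Path.home() / "Downloads")
    for name in stale:
        print(f"[remove] {name}: installer predates the CVE-2016-0603 fix")
    for name in dlls:
        print(f"[review] {name}: DLL in the directory installers run from")
```

A DLL in the listing is not proof of tampering; it marks a file to verify or remove before any installer is run from that directory.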

Download Java 8 Update 73 at this link.

be secure.

Source: https://habr.com/ru/post/276789/

