naturalnews.com printable article

Originally published February 23 2006

Sun warns of seven serious security bugs

by Mike Adams, the Health Ranger, NaturalNews Editor

The flaws affect recent versions of JRE on Windows, Solaris and Linux, and could give malicious applets the same access to the operating system as the user. Secunia gave the bugs a "highly critical" rank.



Enterprises are facing new Internet threats from several different directions this week, with serious security flaws disclosed in the Java Runtime Environment (JRE), Windows and Internet Explorer, and exploit code released for a recent flaw in the Mozilla Firefox browser.

Sun Microsystems has warned of seven serious security bugs in JRE, which could allow malicious Java applets to get around the "sandbox" that normally screens applets off from the rest of the operating system. "For example an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user," Sun said in an advisory.

Microsoft bugs

Microsoft warned of two unpatched vulnerabilities, one affecting Windows and one affecting older versions of Internet Explorer. Microsoft released an advisory detailing a workaround for the IE flaw, and a separate advisory with a workaround for the Windows flaw.

The browser flaw affects only IE 5.0 on Windows 2000 Service Pack 4 and IE 5.5 on Windows Millennium, according to Microsoft; that said, vulnerabilities affecting only older platforms have recently shown that they can cause significant problems. It is separate from another WMF-related bug that has been widely exploited on the Internet in recent days, according to the company.

The second bug relates to proof-of-concept code released by two Princeton University researchers, demonstrating that Access Control Lists (ACLs) used in third-party Windows applications can be easily used to give applications elevated privileges. The code also attempts to escalate a user's privileges by exploiting default services of Windows XP Service Pack 1 and Windows Server 2003. "Users who run Windows XP Service Pack 1 and Windows Server 2003 Gold may be at risk, but the risk to Windows Server 2003 users is reduced," the advisory said.

