Showing results for 
Search instead for 
Did you mean: 
Level 12

IE and Java 0day responses ?

So...   we've got quite an issue on our hands as a security community with these IE [1] [2] and Java [3] 0days for which there's still no patch from either Oracle or Microsoft for the Metasploit available exploits.    Oracle did release a patch for Java 7, but apparently, it's not entirely effective[4].

Anyone blocking all Java file types, user agents at the border?  What's it break other than webex and gotomeeting for Firefox users?

Anyone gone so far as to block IE and give users a message to use Firefox or Chrome?






0 Kudos
3 Replies
Level 10

Re: IE and Java 0day responses ?

I do not know your business, but I personally think it is generally a good idea to have a whitelist of web sites that are allowed to use java applets. (Which is also true for java script and flash.) Block all the rest you do not need.

Again, it's my personal opinion; maybe not generally considered as best practice.



Level 13

Re: IE and Java 0day responses ?

This depends on the organization. Where I am IT is certainly trying to protect through restrictions, but we're still just another department under executive managment. If they don't want to hear complaints from users they'd rather open up the web with an attitude of "That's why we have McAfee, isn't it?"

In an environment where we've already decided we only use IE with a MWG7 that blocks certain categories and has an AV scanner, we're kinda stuck.

It's harder to take freedoms away from users when they've already had them for years. You end up looking like chicken little yelling about how the sky is faling to those who merely wish to keep the status quo.

0 Kudos
Level 12

Re: IE and Java 0day responses ?

Oh yay.  More Java 0day.  This time on 5/6/7 with sandbox bypass.    At least there's not a public exploit at this point.

0 Kudos