3 Replies Latest reply: Jan 16, 2013 3:13 PM by rmetzger RSS

    What is the DAT Number which includes the Java Exploit Vulnerability?

    mcuser999

      Hi -

       

      What is the DAT Number which includes the recent Java Exploit Vulnerability?

      I need to make sure that this DAT is protecting my system from this Java exploit since I cannot disable Java within my browser as I need to work with programs that do require Java enabled within the browser.

       

      Thanks in advance!

        • 1. Re: What is the DAT Number which includes the Java Exploit Vulnerability?
          rmetzger

          mcuser999 wrote:

           

          Hi -

           

          What is the DAT Number which includes the recent Java Exploit Vulnerability?

          I need to make sure that this DAT is protecting my system from this Java exploit since I cannot disable Java within my browser as I need to work with programs that do require Java enabled within the browser.

           

           

          Check out "McAfee Labs Security Advisory: MTIS13-008" https://community.mcafee.com/docs/DOC-4574

           

          This is the latest publically published document as of 'now' by McAfee related to this Java vulnerability.

           

          According to the pdf: https://community.mcafee.com/servlet/JiveServlet/downloadBody/4574-102-1-7531/MT IS13-008.pdf

           

          MTIS13-008.pdf:

           

          DAT FILES

               Coverage is available in the 6952 DATs,released January 11. Exploit binaries are

               detected as PWS-Zbot.gen.aua, Exploit-CVE2013-0422, JS/Blachole-Redirector,

               Ransom-AAV, and JS/Exploit-Rekit.a.

          Today's release Dat file is at version 6956.

           

          Consider updating Java (directly from Oracle) here:

          http://www.oracle.com/technetwork/java/javase/downloads/index.html

           

          Additional info can be found here (US-CERT VU#625617):

          http://www.kb.cert.org/vuls/id/625617

           

          VU#625617:

           

          Solution

                      Update to Java 7u11

           

          Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11 addresses this (CVE-2013-0422) and an equally severe, but distinct vulnerability (CVE-2012-3174). Immunity has indicated that only the reflection vulnerability has been fixed and that the JMX MBean vulnerability remains. Java 7u11 sets the default Java security settings to "High" so that users will be prompted before running unsigned or self-signed Java applets.

           

           

          So, in my humble opinion, an update to Java should be done, regardless of AV solutions.

           

          When updating, you may want to Uninstall Java 6 entirely from you system, if you can, as updates to this version has stopped with v6u38, 2012-11-17.

           

          When updating Java, you may need to update both 32-bit versions And 64-bit versions of Java, to make sure the vulnerability is properly fixed.

           

          Realize that once the 64-bit version is installed, Java will Not automatically retrieve updates, which the 32-bit version currently does.

           

          Of course, the 64-bit version applies to those with 64-bit systems.

           

          Hope this is helpful.

          Ron Metzger

           

          Message was edited by: rmetzger (v6 updates) on 1/15/13 3:18:13 PM EST
          • 2. Re: What is the DAT Number which includes the Java Exploit Vulnerability?
            mcuser999

            Thanks.

             

            And are these signatures in the SuperDAT or DAT files? Or, would it matter?

            I am running unmanaged.

            • 3. Re: What is the DAT Number which includes the Java Exploit Vulnerability?
              rmetzger

              Yes, the SuperDAT or xDat executables are the complete signature files. The signature files are packaged together with a script language specifically designed to do whatever McAfee deems needed to repair, replace, or otherwise change McAfee software, signatures, etc., that the standard update process would not normally be capability of doing. The SuperDAT also includes the latest Scan Engine (as of now) v5400 and can repair that installation as well as updating and repairing the signature files.

               

              Download the most recent xdat or SDat and you have the most recent version. As of this post, version 6957 is available.

               

              If you are successfully updating (unmanaged) via McAfee's site, the xDat or SDat executables are not needed.

               

              I Strongly Advise updating Java if possible.

               

              Good luck.

              Ron Metzger

               

              Message was edited by: rmetzger on 1/16/13 4:13:19 PM EST