Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Pastimes : Computer Learning -- Ignore unavailable to you. Want to Upgrade?

To: SmoothSail who wrote (29294)	9/20/2002 8:57:53 AM
From: SIer formerly known as Joe B.	Read Replies (1) \| Respond to of 110653

HEADS UP! MS warns of "critical" Java VM flaws By Robert Lemos Special to ZDNet News September 19, 2002, 4:34 AM PT zdnet.com.com Microsoft released an advisory Wednesday night warning all users of its Windows operating system of two new critical flaws that could allow a malicious attacker to take control of a victim's PC. The critical flaws occur in the software giant's implementation of the Java Virtual Machine, which allows platform-independent programs to run on a PC. "(The flaws) could enable an attacker to gain complete control over a user’s system," stated the advisory. "This would enable the attacker to perform any operation that the user could, such as running applications; communicating with web sites; (and) adding, deleting or changing data." An attacker could exploit the flaws by getting the victim to view a certain Web site with the code embedded in page. HTML e-mail could also be a danger, unless the recipient uses Outlook 2002, Outlook Express 6.0 or has installed the Outlook E-mail Security Update. Finally, those who used the Internet Explorer security settings to disable Java applets won't be affected by the vulnerabilities. The first vulnerability is caused by a lack of vigilance of certain Java classes that handle database requests. While the classes do attempt to block illegal requests, the security measures can be bypassed, the advisory states. A second flaw occurs in a Java class that’s provided to support the use of XML via Java, but allows all programs--not just a select few--to use the methods. Microsoft has a patch posted on its site and linked from the advisory. Windows users can also get the patch through Windows Update.