G-TechNote™: Microsoft Says Update JAVA or Kill It
Microsoft has decided is enough is enough: Java-based malware sees no end and it’s time to do something about it.
The software giant points to two type-confusion vulnerabilities that have been very actively exploited in recent months.
Microsoft thus wants you to do one of three things: update Java, disable it, or uninstall it.
First, some background.
Type-confusion vulnerabilities are effective because they lead to a Sandbox compromise for Java.
They occur when the type safety check in Java Runtime Environment (JRE) fails to verify wrong types supplied to instructions working with different types.
If the classes’ type safety is broken, you can access some methods that are not supposed to be opened to processes outside of the class.
As a result, Microsoft’s first recommendation is to update your Java installation.
To check the version of JRE your browser is running, head over to java.com/en/download/installed.jsp and get the latest version.
Microsoft has offered guidance for those who don’t want to keep Java updated.
The software giant points to Apple’s instructions for the Mac (support.apple.com/kb/HT5241) and details its own instructions for Windows:
If you prefer, you may also just disable your current Java Plug-in temporarily to prevent being vulnerable to Java-based threats.
To do this, on Windows systems, go to “Control Panel” and select “Java”.
When the “Java Runtime Environment Settings” dialog box appears, select the “Java” tab.
From there, click the “View” button.
You can just uncheck the “Enabled” check box to disable that installation from being used by Java Plug-in and Java Web Start.
Even though you can disable Java Plug-in on a per-browser basis, this method is most effective in disabling Java Plug-in system-wise.
Last but not least, Microsoft recommended you uninstall Java if you don’t use it.
Instructions from Oracle are available at java.com/en/download/uninstall.jsp.
After seeing the Microsoft’s warning, one can choose to kill Java with fire.
To do that you remove it completely from Windows 7.
If any time you plan to do some programming in JAVA, you reinstall Java then.
“So, by following some simple steps, you can protect your machine from this malware infection by choosing to update, disable or uninstall,“ a Microsoft spokesperson said in a statement.
“All of these will be effective for preventing currently prevalent Java based malware; it’s just up to you to choose the right method to protect yourself based on your needs and situation.“