Solved

New java vulnerability

  • 14 January 2013
  • 2 replies
  • 29 views

I'm in the process of updating Java on all my workstations with the latest update from Oracle to address the newly discovered vulnerability.  Since this is going to take me quite some time to complete, can you tell me if my workstations will be protected from potential exploits of Java--with or without Oracle's latest patch?
icon

Best answer by browell 14 January 2013, 21:50

View original

2 replies

Userlevel 7
Badge
It's my understanding that Webroot will not stop the actual vulnerability but will protect you from most of the stuff that they will try to infect you with via the vulnerability. Even if it doesn't detect it immediately, it should be able to revert all changes once it is detected.

 

I'd be interested in hearing more from Webroot about any specific detections they have in place for this paticular exploit. Best case is that they could implement a generic detection for the actual series of steps used to exploit it.
Badge +7
@ wrote:

It's my understanding that Webroot will not stop the actual vulnerability but will protect you from most of the stuff that they will try to infect you with via the vulnerability. Even if it doesn't detect it immediately, it should be able to revert all changes once it is detected.

 

I'd be interested in hearing more from Webroot about any specific detections they have in place for this particular exploit. Best case is that they could implement a generic detection for the actual series of steps used to exploit it.

explanoit is correct.  WSA won't fix the vulnerability, but it has several different features which will keep you protected.

- Web Threat Shield.  WSA's URL filter that blocks malicious websites.  These are where the Java exploits are located.

- Privacy protection.  If a rouge Java app does run then WSA will protect your user's data from theft by that app.

- Journaling and rollback. If an exploit is used to download unknown malware, then WSA will monitor that file and journal any changes.  This can then be blocked and removed when a signature or rule is created.  This is the reverting that explanoit mentions.

 

There may be some other technical details that our threat researchers can plug in here, but this is how WSA protects your users everyday.

Reply