Java exploitation on the rise

The deadline for getting up to date on the latest Java has come and gone.

Microsoft posted on the 20th that they were seeing exploit code attacking the vulnerability in Java which Oracle patched in February.

Yesterday Brian Krebs posted that an exploit for this vulnerability is now in one of the more popular exploit kits. Exploit packs are malware distribution for the script kiddie. You purchase code that will try multiple exploits based on the type of computer that comes to a website. This means the exploit is far beyond targeted attacks and into general distribution.

The same advice as always applies with Java.

1. If you don’t need it, remove it.
2. If you do need it, always run the most recent version.
3. Watch for older versions hanging on. Remove them.
4. For safety, only run Java in one browser, and use another browser for day-to-day browsing activities. This lowers the attack surface area.
5. In addition to antivirus, have some sort of URL filtering that blocks malicious sites, such as the free consumer BlueCoat K-9.
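
For item 3, here is one way to spot older versions hanging on: parse the `java -version` banner of every Java binary you find and flag each install that is older than the newest one on the machine. This is an added example, not code from the original post; the paths and version strings in `SAMPLE` are constructed, and "newest installed" is only a local comparison, so still check it against the current release.

```python
import re
import subprocess

# First banner line looks like: java version "1.6.0_29" (legacy scheme)
# or: openjdk version "11.0.2" (newer scheme).
_VERSION_RE = re.compile(r'version "(\d+(?:\.\d+)*)(?:_(\d+))?')

def parse_java_version(banner):
    """Return a comparable (major, minor, patch, update) tuple, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    if parts[0] == 1 and len(parts) > 1:  # legacy "1.6.0" means Java 6
        parts = parts[1:]
    parts = (parts + [0, 0, 0])[:3]
    return tuple(parts) + (int(m.group(2) or 0),)

def read_banner(java_path):
    """Run one java binary; `-version` prints its banner to stderr."""
    result = subprocess.run([java_path, "-version"],
                            capture_output=True, text=True, timeout=10)
    return result.stderr

def find_stale(banners):
    """banners maps install path -> banner text. Returns (newest, stale, unknown)."""
    parsed = {path: parse_java_version(text) for path, text in banners.items()}
    known = {path: ver for path, ver in parsed.items() if ver is not None}
    unknown = sorted(path for path, ver in parsed.items() if ver is None)
    if not known:
        return None, [], unknown
    newest = max(known.values())
    stale = sorted(path for path, ver in known.items() if ver < newest)
    return newest, stale, unknown

# Constructed sample: hypothetical paths and made-up banner text.
SAMPLE = {
    "/opt/java/jre-a/bin/java": 'java version "1.6.0_29"',
    "/opt/java/jre-b/bin/java": 'java version "1.7.0_03"',
    "/opt/java/jre-c/bin/java": 'java version "1.7.0_01"',
    "/opt/java/broken/bin/java": "Error: could not open jvm.cfg",
}

if __name__ == "__main__":
    newest, stale, unknown = find_stale(SAMPLE)
    print("newest installed:", newest)
    for path in stale:
        print("older version, remove:", path)
    for path in unknown:
        print("could not read version, check by hand:", path)
```

To run it against a real machine, build the dictionary with `read_banner` over the Java binaries you locate instead of using `SAMPLE`.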