Last Modified: April 26, 2013

Windows PC and Mac users who have the Oracle Java JRE web plug-in version 7u10 and below should immediately update to the latest release of Java JRE 7u11 [1], or disable Java from their computer browsers [2].

BACKGROUND

On January 10, 2013, security researchers reported an unpatched vulnerability in Oracle Java 1.7u10. This vulnerability has been labeled CVE-2013-0422

Security professionals comment that attack code that exploits the vulnerability is being “massively exploited in the wild.” Miscreants use such exploits to turn compromised websites into platforms for silently installing keyloggers and other types of malicious software on the computers of unsuspecting website visitors.

IMPACT

Browsing the web with a vulnerable version of Java installed and enabled means that simply visiting a website or clicking on a link in an e-mail message is enough for an attacker to compromise your computer. This is known as a “drive-by download” [3]. The malicious software installed through these attacks may collect usernames and passwords used on the compromised computer, including credentials for sensitive websites, bank accounts, email etc.

While “safe browsing” to only trusted websites may limit your exposure to drive-by downloads, it does not address the underlying vulnerability and prevent exploitation. Please see “Recommendations” and “Workarounds” below for further steps that should be taken.

PLATFORMS AFFECTED

All versions of Oracle Java 7 (aka JRE 1.7) from the initial release up through update 10 are vulnerable. This affects both Windows PC and Mac OS if you have installed the JRE web plug-in. Oracle maintains that earlier versions of Java are not affected by this particular exploit[6].

RECOMMENDATIONS

• Update Java Immediately - Regularly check for updates and remove old versions of Java. Java 7 update 11 is available at the website http://www.java.com [1].
• Update Anti-Virus/Anti-Malware software – MU campus users who have the latest version of Symantec Endpoint Protection (SEP) 12.1.2015 [9] installed will receive additional protection thru the ‘Proactive Threat Protection’ and ‘Network Threat Protection’ modules. This includes a browser-protection technology which can detect and prevent malicious Java from being executed on client computers.
• Use an alternative web browser – it has been reported that users of the latest versions of Mozilla Firefox, Google Chrome, and Apple’s Safari browsers are provided additional security protections not currently found in the default Windows IE9 web browser [7].
• Exercise caution - Don’t click on web popups, but close the window instead. If they won’t close, open your process list and force your browser to close.

WORKAROUNDS

Disable Java. [2] NOTE: This workaround may prevent certain websites from working correctly, and must be considered in relation to essential enterprise applications like Banner which currently depends on Java 6 – note both Java 6 and Java 7 can both be installed at the same time, but keeping both versions updated may require the use of manual updates).

FURTHER READING

[1] http://java.com/en/download/installed.jsp?detect=jre&try=1

[2] https://krebsonsecurity.com/how-to-unplug-java-from-the-browser/

[3] http://en.wikipedia.org/wiki/Drive-by_download

[4]  http://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx

[5] http://www.oracle.com/technology/deploy/security/alerts.htm

[6] http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html

[7] https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/

[8] http://krebsonsecurity.com/tag/cve-2013-0422/

[9] http://www.marshall.edu/antivirus

If you have additional questions regarding the content or recommendations in this security bulletin, please contact your departmental IT service provider, the IT Service Desk at itservicedesk@marshall.edu / 304-696-3200, or the IT Office of Security infosec@marshall.edu.

Last Modified: January 14, 2013

Members of the IT team and ITSP community are still creating and testing the supportability of a number of configurations for both Windows 8 and SEP to ensure compatibility with campus services, appropriate level of protection, and (for personal-owned machines) a simplified but usable product.

We are making the following recommendations:

• Use Microsoft Security Essentials for Personally-owned Machines – Since incorporating future configuration changes into an already deployed (personally-owned) client is difficult, we suggest using the widely available and Microsoft-supported solution of Microsoft Security Essentials (MSE) as a low-risk/no-cost solution for students and personally-owned machines. MSE integrates with the Windows Security Center provides an adequate level of protection until we are ready to support the new release of SEP 12.1R2.
• Use Symantec Endpoint Protection for University-owned Machines – We are still recommending SEP 12.1.2RU2 for University-owned computers as the managed client allows for on-the-fly changes to be made thru the Symantec Management Console. The latest version of SEP 12.1RU2 is available here:  \marshall.edumunetDistributionsSymantecCurrent-Install-Packages_Windows_8_Support . The BASIC package includes the base anti-virus/malware module; the FULL package includes anti-virus/malware, proactive threat protection including browser plug-in support, and network threat protection (NTP) and intrusion detection (IDS) modules.  NOTE: be aware that the NTP module disables the default Windows Firewall and establishes its own firewall access control list. It is this feature which is giving us the most concern as it has the potential to do a lot of good, but also will have a learning curve.

An update: The Marshall University Office of Information Technology now supports the use of Symantec Endpoint Protection 12.1RU2 / ver 12.1.2xxx and newer for Windows 8 OS. Read more.

Last Modified: April 26, 2013

A Growing Target of Opportunity – Since PC’s running Windows OS make up the vast majority of personal computer sales[1], Apple Macs running Mac OS were not as frequently targeted by hackers. Now, a combination of events including growing popularity/afforadbility of the Mac as well as improved security/awareness of PC users – are drawing the hackers attention towards a growing Mac user community. The Mac community is typically not accustomed to many of the threats previously found in the PC community.

Apple Mac OS users can significantly improve the security of their computers by following the same prescriptive advice given to PC users for years:

1. Apply OS and Application Updates on a regular basis. Locate the ‘Software Update…’ link (hint: it’s under  your Apple menu) and make it your new best-friend.
2. Install Anti-virus/anti-malware software and keep it current. MU students, faculty and staff are licensed to install Symantec Endpoint Protection for Macintosh for personally-owned computers.
3. Be very suspicious of any software downloads, e-mail attachments or webpages which attempt to collect/submit your personal information (usernames, passwords, social security and account numbers, etc.). No reputable organization or company will ask you to provide this information in such an insecure manner.
4. When in doubt – DON’T do it. (Alternatively, when in doubt, DO reach out to your departmental IT Service Provider, the MU IT Service Desk , or the MU Information Security team for advice ).

Resources URL’s:
Widespread Virus Proves Macs Are No Longer Safe from Hackers
Think Apple’s Got Your Back?
Apple: Mac Users Should Get Antivirus Software
Apple Patches Java Flaw Exploited by Flashback Trojan
Apple Mac Malware: A short History (1982-2010)

[1] Gartner Says Worldwide PC Shipments Increased…

Last Modified: April 17, 2013

Download the latest releases

Last Modified: April 17, 2013

You can upgrade to the latest maintenance release of Symantec Endpoint Protection:
-11.0.6300.803 for Windows OS including Windows XP, Windows Vista and Windows 7 posted on 6/28/2011.
-11.0.6300.0212 for MAC OS 10.4 (Tiger), 10.5, (Leopard) and 10.6 (Snow Leopard) issued on 6/28/2011.

Download the latest release here

Last Modified: June 11, 2012

-11.0.6200.754 for Windows OS including Windows XP, Windows Vista and Windows 7 issued on 1/25/2011.
-11.0.6200.0203 for MAC OS 10.4 (Tiger), 10.5, (Leopard) and 10.6 (Snow Leopard) issued on 1/25/2011.

Download the latest release here

Last Modified: January 25, 2011

-11.0.6005.562 for Windows OS including Windows XP, Windows Vista and Windows 7  issued on 5/4/2010.
-11.0.6000.0162 for MAC OS 10.4 (Tiger), 10.5, (Leopard) and 10.6 (Snow Leopard) issued on 4/19/2010.
Download the latest release here:

Last Modified: June 11, 2010