http://www.reuters.com/news_article.jhtml?type=technologynews&StoryID=719918

[Is it just me, or does it seem very quiet about Microsoft's stand-down for the month learning about security? & why hasn't anyone at Redmond invited any of the IT & IS journalists to sit in on this security training? - WK]

March 19, 2002 08:35 PM ET

SAN FRANCISCO (Reuters) - Microsoft Corp. has released a bulletin advising of a second vulnerability in software that allows Windows users to run programs written in Java, a Microsoft program manager said on Tuesday.

Microsoft and Sun Microsystems Inc., creator of the Java programming language, released a joint bulletin about the first vulnerability affecting the Java Virtual Machine code on March 4. They released a subsequent bulletin on Monday, according to Christopher Budd, security program at the Microsoft Security Response Center.

Both vulnerabilities were rated "critical" because of the harm they could cause, however there have been no known attempts to exploit the vulnerabilities, he said.

An update to Microsoft's Java Virtual Machine released on March 4 fixes both vulnerabilities, Budd added.

The first vulnerability could allow a malicious Java applet on a Web site to monitor a visitor's Web surfing until the browser window is closed.

The second vulnerability would allow a malicious Java program to run outside a restricted area on a user's computer.

Users are only at risk if they go through a proxy server to access Web sites as is common in corporations but not homes. Proxy servers are commonly used to cache content on frequently accessed Web sites, housing it on a server closer to the end user so that the downloading is faster.
This archive was generated by hypermail 2b30 : Wed Mar 20 2002 - 04:38:37 PST