Unpatched Java Vulnerability Allows Troj/Agent-XNE and Mal/JavaKnE-H to Spread Rapidly

A new Zero Day flaw within the Java infrastructure has been overturned to be a widespread threat potentially affecting millions of computers connected to the Internet. Java is Oracle-owned programming language that is widely used particularly for client-server web applications. Most web browser applications utilize Java for implementing certain functions to interact with websites.

Flaws or bugs found within Java could very well have a reach of plaguing millions of computer users around the world. The recent flaw, first discovered by the security firm FireEye, is being used in limited targeted attacks among Java run-time environments. Currently this flaw is limited to Java 7 (1.7x versions).

Currently, no patch is available for the Java exploit, which is expected to be added to the Blackhole Exploit kit. The Blackhole Exploit kit is known to be an expensive and massive hodgepodge of targeted tools, which hackers may use to exploit vulnerabilities within computer's web browser programs.

The Troj/Agent-XNE and Mal/JavaKnE-H unpatched Java exploits, are known to carry a payload that disables the Java security manager to allow untrusted code within a web browser. This could potentially allow a malicious applet to do anything that Java can. Basically, this Java exploit could be used to load bad code instructing a system to perform malicious actions without any guided actions from the computer user.

Avoiding and solving this fiasco lies with applying a patch to Java, disabling Java altogether or utilizing antimalware software to prevent infiltration. The first solution, applying a patch, may not be feasible until Oracle releases a patch for Java, which is not scheduled until the next update on October 16, 2012. Oracle has had a track record for not releasing Java updates frequently. Disabling Java on your favorite web browser is a way to prevent the Java exploitation. The latter solution is probably the easiest requiring the least amount of tech-savviness to proactively protect your system against the malware payload carried by the Troj/Agent-XNE and Mal/JavaKnE-H parasites.