Majority of enterprise PCs open to Java exploits

The vast majority of enterprise computers are susceptible to new Java exploits because these machines are still running older versions of the popular general-purpose, object-oriented computer programming language, according to computer security software maker Websense Inc.

By Websense’s estimates, as many as 93 per cent of enterprise organizations are vulnerable to Java exploits. Nearly 50 per cent of enterprise traffic used a Java version that was more than two years out of date, according to the firm’s recent research data.

“New Java exploits, CVE-2013-2473 and CVE-2013-2463 are already making a big impact by targeting computers running outdated versions of Java,” the company said in a recent statement. “It’s clear the cybercriminals know there is a Java update problem for many organizations.”

Websense carried out an in-depth analysis throughout August this year across multiple verticals and industries. The company surveyed millions of real-world Web requests for Java usage through its global ThreatSeeker Intelligence Cloud.

Among its key findings were:

  • Only 19 per cent of enterprise Windows-based computers run the latest version of Java (7u25)
  • More than 40 per cent of enterprise Java requests are for browsers still using Java 6. As a result, more than 80 per cent of Java requests are susceptible to the new Java exploits CVE-2013-2473 and CVE-2013-2463
  • As many as 83.86 per cent of enterprise browsers have Java enabled
  • Nearly 40 per cent of users are not running the latest version of Flash

On the positive side, Websense said Java requests went down to 40 per cent in August from 70 per cent earlier this year.

In January, the United States Department of Homeland Security urged computer users to disable Java plug-ins in their browsers because of a major vulnerability.

Around that time it was also reported that an emergency security update to Java 7 had failed to patch two new vulnerabilities and Oracle Corp.’s ability to ensure the security of Java was called into question by some analysts.

Websense also found that nearly 25 per cent of Flash installations are more than six months old. Close to 20 per cent of Flash installations are outdated by a year, and about 11 per cent are out of date by two years.

The security company also said that its ThreatSeeker Intelligence Cloud detected an uptick in new hosts running the Neutrino exploit kit. Typically associated with ransomware payloads, Neutrino is best known for its easy-to-use control panels and ability to evade antivirus (AV) and intrusion prevention systems (IPS).

Websense said the spike could be attributed to the addition of Java-based code execution exploits to Neutrino.

“Forty per cent of Java 6 users are vulnerable to these new exploits and there are no software patches in sight,” said Websense. “Effective exploit kit delivery systems such as Neutrino, and unpatched vulnerabilities targeting Java 6 create a significant challenge to organizations that have not updated to Java 7.”



Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.
