Sifting through the data collected and analyzed in order to compile the latest Microsoft Security Intelligence Report, senior program manager Holly Stewart came to an interesting conclusion: Java exploits have become way more popular with hackers than the Adobe-related ones:
This enormous jump is, according to Stewart, due to the fact that three particular vulnerabilities are being constantly exploited. Brian Krebs offers his own explanation: Java exploits have been incorporated into a number of popular exploit packs (Eleonore, Crimepack, SEO Sploit Pack, Blackhole).
These vulnerabilities have been patched for a while, but the problem is that users fail to update Java on their system. “Java is ubiquitous, and, as was once true with browsers and document readers like Adobe Acrobat, people don’t think to update it. On top of that, Java is a technology that runs in the background to make more visible components work. How do you know if you have Java installed or if it’s running?” says Stewart.
Given that Oracle has recently issued a Java security update that patches nearly 30 vulnerabilities, this would be a good time for all users to update the program or check for its existence on their systems and then update it. And while they’re at it, they could configure the built-in updater to check for new versions every week.