Protects enterprises against a vulnerability in Microsoft Java Virtual Machine; affected versions of Internet Explorer may expose confidential information.
Internet Security Systems (ISS), a provider of managed security services, recently announced that it has provided customers protection against a vulnerability in Microsoft Java Virtual Machine.
According to ISS, Microsoft currently does not offer a patch for the vulnerability in Microsoft Internet Explorer javaprxy.dll. This vulnerability is considered to be a serious threat to enterprise organizations due to the widespread use of Internet Explorer and the public availability of exploits for this issue, which could allow an attacker to obtain remote access to and compromise networks and machines. Through this vulnerability, an attacker could lead a user to a malicious Web site using Internet Explorer or render a malicious HTML page sent by email and trigger a stack-based overflow, leading to arbitrary code execution and remote compromise which would grant him administrative privileges. Compromise of networks and machines using affected versions of Internet Explorer may lead to exposure of confidential information, loss of productivity and further network compromise.
The company claims that, through the Buffer Overflow Exploit Prevention technology in its Proventia Desktop and Server Sensor SR 4.2 and 4.3 products, it has been offering preemptive protection for its customers against this vulnerability since it was first uncovered. ISS has also provided customers with additional product updates, ensuring comprehensive protection against this vulnerability.