Tool Blocks Java Attacks in IE

Tuesday, June 11, 2013 @ 04:06 PM gHale

Microsoft took steps to help rid users of problems associated with Java by releasing a FixIt tool designed to block all of the Web-based Java attack vectors in Internet Explorer, while still leaving the desktop Java functionality intact.

Java has been an attacker’s dream for the past few years, to help users defend themselves against Web-based attacks using Java plug-ins in the browser, Microsoft’s FixIt tool will block all of the Web-based vectors for attack on all versions of Java.

Microsoft Zero Day Disclosed
Google Gives 7-Day Patch Period
Security Plans Set for Java
Ransomware Uses Java Zero Day

“The Fix it solution consists of two parts. The first makes use of Windows Application Compatibility Toolkit, changing the behavior of Internet Explorer at runtime so that it will prevent the load of Oracle’s Java Web plugins,” said Cristian Craioveanu of the Microsoft Security Response Center. “This is achieved by hooking all LoadLibrary* functions so that they return NULL (last error ERROR_FILE_NOT_FOUND) when attempting to load all Java ActiveX dlls (npjpi*.dll, jp2iexp.dll). The second part prevents Internet Explorer from automatically opening JNLP files. It does this by clearing the ACL (access control list) of the JNLP protocol handler registry location (HKCR\JNLPFile), thus preventing all user apps from reading its contents.”

The new tool works to block Web attack vectors for Internet Explorer only.

If you use an alternate browser such as Chrome or Firefox, this method won’t work. There are ways to disable the Java plug-in in each of the other browsers, typically by going in to the settings menu and removing it from the list of running plug-ins.

The FixIt also doesn’t have any effect on desktop applications that use Java.

Leave a Reply

You must be logged in to post a comment.