In light of the regularity of malware incidents, we have another security bulletin about Java and Windows Update.
Our security team have now seen machines on campus and on the readingConnect network running Java version 1.6.0_31 being compromised via a “Scalaxy” exploit kit. It’s only a matter of time before the exploit appears in other, more prevalent kits.
Java needs to be 1.6.0_33 or 1.7.0_5 (released on Patch Tuesday, 12 June) to be safe. IT Services automated script will now also upgrade Java 1.7.0_x if required, should you need this, please contact IT Services.
This month’s Patch Tuesday Microsoft updates included a fix for a Remote Desktop (RDP) exploit that could again be potentially used for a worm. People with RDP enabled on their PCs or Terminal Servers need to be patched as soon as possible.
There were also fixes for Internet Explorer that are being actively exploited. We have seen one attempt to exploit another IE vulnerability that has not been patched yet, but for which exploit code has been published.