Microsoft Issues Java Patch


Microsoft Monday issued a patch for a security flaw in its Java virtual machine software (Microsoft VM) that attackers could exploit to redirect browser traffic.

Microsoft said the vulnerability, which it rated as critical, affects customers using Internet Explorer with a proxy server.

The vulnerability stems from the way that Java requests are handled when Internet Explorer is configured to use a proxy server, the company said. A maliciously built Java applet could cause the proxy server to reroute browser traffic, possibly allowing the attacker access to sensitive data.

In order for the flaw to be exploited, a user would have to visit a Web site with a malicious Java applet. When the applet is executed on the user's system, an attacker can access the user's session.

Microsoft said all versions of Microsoft VM, up to and including build 3802, are affected. A patch is available here.