RealTime IT News

Programmer's Applet Bugs Microsoft's Virtual Machine

Fabio Ciucci, an Java programmer noted for his previously finding and reporting security holes in Microsoft applications, recently highlighted the most recent threat to users of the latest version of Microsoft's Java Virtual Machine (JVM).

Microsoft recently updated its Java-based products after a California court ruled in favor of Sun Microsystems Inc. and agreed that the company had violated a licensing agreement between the two companies.

Fabio Ciucci, lead programmer of Anfy Java, indicated that users of Microsoft's new JVM release are all succeptable to the Java applet. Ciucci first reported the security hole in the JVM last year and Microsoft then released a repair patch for the product. Ciucci said however, that Microsoft's newest JVM release does contain the patch, nor does it include a permanent fix for the bug.

The applet in question causes users' machines to instantly lock up, forcing the user to reboot the machine in order to continue using it. The applet can be present in e-mail attachments as well as standard Web pages. The patch which Microsoft released is still effective, but many users are not aware that the patch is available.

The applet is capable of crashing Microsoft Internet Explorer 4.0, 4.1, and IE 5 beta. It effectively crashes the entire Windows 95/98 operating system, killing any running applications as well.

The patches can be downloaded from Microsoft at no charge. For those hoping to see the applet in action, you can download it in zipped format, but be forwarned, it does work. The source code is included in the zip file, along with notes from the hacker that created it.