Patch Available for "Java VM Applet" Vulnerability
Originally posted: August 21, 2000
Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability in the Microsoft(r) virtual machine (Microsoft VM). If
a malicious web site operator were able to coax a user into visiting
his site, the vulnerability could allow him to masquerade as the
user, visit other sites using his identity, and relay the information
back to his site.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-059.asp
Affected Software Versions
==========================
Versions of the Microsoft VM are identified by build numbers, which
can be determined using the JVIEW tool, as discussed in the FAQ. The
following builds of the Microsoft VM are affected:
- All builds in the 2000 series.
- All builds in the 3100 series.
- All builds in the 3200 series.
- All builds in the 3300 series.
Patch Availability
==================
- All 2000 series Microsoft VM customers:
Install Microsoft VM build 2446
- All 3100 series Microsoft VM customers:
Upgrade to build 3309 and install the 3314 security patch
- 3200 series Microsoft VM customers should do one of the following:
All 3200 builds:
Upgrade to build 3309 and install the 3314 security patch
Builds 3229-3234:
Install the security patch from Bulletin MS00-011 before
installing
this new 3314 security patch
Build 3240:
Install the 3314 security patch
- All 3300 series Microsoft VM customers should install the 3314
security patch
Originally posted: August 21, 2000
Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability in the Microsoft(r) virtual machine (Microsoft VM). If
a malicious web site operator were able to coax a user into visiting
his site, the vulnerability could allow him to masquerade as the
user, visit other sites using his identity, and relay the information
back to his site.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-059.asp
Affected Software Versions
==========================
Versions of the Microsoft VM are identified by build numbers, which
can be determined using the JVIEW tool, as discussed in the FAQ. The
following builds of the Microsoft VM are affected:
- All builds in the 2000 series.
- All builds in the 3100 series.
- All builds in the 3200 series.
- All builds in the 3300 series.
Patch Availability
==================
- All 2000 series Microsoft VM customers:
Install Microsoft VM build 2446
- All 3100 series Microsoft VM customers:
Upgrade to build 3309 and install the 3314 security patch
- 3200 series Microsoft VM customers should do one of the following:
All 3200 builds:
Upgrade to build 3309 and install the 3314 security patch
Builds 3229-3234:
Install the security patch from Bulletin MS00-011 before
installing
this new 3314 security patch
Build 3240:
Install the 3314 security patch
- All 3300 series Microsoft VM customers should install the 3314
security patch