
My guess would be that Java continues to run an unpatched copy of MSCOMCTL.OCX. If you look at the CVE-2012-0158 patches[0] you'll notice that Microsoft had to patch a lot of software individually; I guess Java just was never fixed.

So it is a Java issue only in the sense that Oracle needs to update it. Obviously the original "bad code" was from Microsoft.

[0] https://technet.microsoft.com/en-us/library/security/ms12-02...

[1] https://community.emc.com/community/connect/rsaxchange/netwi...




Isn't the "Malicious Software Removal Tool" from Microsoft supposed to scan for such things? Obviously it isn't a full-fledged virus scanner, but I would expect scanning the system for outdated DLLs and such to be well within its reach.


As far as I know the MSRT is just a virus and/or malware scanner. At the moment, looking for old binaries is beyond its scope. But that could change.

The closest thing to that is this, Secunia PSI:

https://secunia.com/vulnerability_scanning/personal/



