January 12, 2013 at 2:20 pm
Comments posted to this topic are about the item The Java Danger
January 12, 2013 at 6:39 pm
It's really important to remember that the Java vulnerability only affects the browser based plugin. So, when you say "There are people that use Java to access SQL Server instances, and for those people, I'd suggest you carefully watch your systems, understand the potential issues, and ensure you have good point to point security enabled in your firewalls or routers" keep in mind that every piece of software between the end user browser and the server would need to be compromised. In the enterprise software world, there is usually at least one middle tier, if not multiple tiers, between the end user desktop and the database server.
The worst part about this vulnerability is that users of older versions of IE are particularly vulnerable - making the recommended fixes to disable the plugin requires a registry change.
Jeremiah Peschka
Microsoft SQL Server MVP
Managing Director - Brent Ozar PLF, LLC
January 14, 2013 at 8:47 am
Good to know. I misread and was thinking this affected all Java installations. Let's hope that's true and there isn't a bit hole in the desktop installations.
January 14, 2013 at 8:55 am
Looks like an update is already available, too. Exciting times!
Jeremiah Peschka
Microsoft SQL Server MVP
Managing Director - Brent Ozar PLF, LLC
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply