Insecure Java instances lurk on enterprise PCs, report finds

Businesses are rife with outdated versions of Java, the programming platform that last year became the most common attack vector for hackers, according to a new report from security vendor Bit9.

By remotely analysing the PCs and laptops of its clients, Bit9 discovered that the average enterprise computer has 1.6 versions of the Java runtime installed.

This is because installing a new version of Java does not necessarily replace the old version.

"Most endpoints have multiple versions of Java installed, in part because the Java installation and update process often does not remove old versions."

The average business has 50 versions spread across its PC estate, Bit9 found in its report.

This provides ample opportunity for hackers to exploit outdated and unpatched versions of Java to compromise machines.

Bit9's report points to a Java-based virus, identified earlier this year, that scanned the infected PC for old versions of Java. "Quite likely this reconnaissance step was intended to ensure the ability to compromise the host again in the future," it said. 

The most vulnerable version of Java is 1.6.0, known as version 6, Bit9 said. The company found that version 6 was installed on 82% of enterprise endpoints. 

"It is no surprise that Java 1.6.0 is the most vulnerable version since it is very prevalent and attackers and researchers alike clearly have incentive to find flaws in the most prevalent versions of software."

A staggering 93% of organisations had Java instances installed that were more than five years old.

Bit9 said that Oracle, which now operates the Java platform, is taking steps to make it more secure, but the issue of legacy Java installations needs to be resolved. "While Oracle appears to be making efforts to mitigate some of the issues that have brought us to where we are today, those efforts will have little impact on remediating the current situation."

It points to an open source tool called JavaRa, which allows organisations to identify and remove old Java instances.
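The inventory problem the report describes (several runtimes per endpoint, dozens of distinct versions across an estate, installs more than five years old) is straightforward to check once the version strings are normalised. The following script is an added example, not code from the original article or from Bit9 or JavaRa; it parses Java version strings in both the legacy `1.6.0_45` form and the `11.0.2` form used from Java 9 on, and runs the report over a small constructed inventory. The endpoint names, install dates and the five-year threshold are assumptions for illustration; in practice the records would come from an endpoint agent or a software inventory.

```python
"""Added example: normalise Java runtime version strings and report, per
endpoint, how many runtimes are present and which are past an age threshold.
The inventory below is constructed for illustration, not real data."""
import re
from collections import defaultdict
from datetime import date

# Legacy scheme "1.6.0_45" (family 6, update 45) and the scheme used from
# Java 9 on, "11.0.2" (feature 11, interim 0, update 2).
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?")


def parse_java_version(text):
    """Normalise a version string to a comparable (family, minor, update) tuple.

    "1.6.0_45" -> (6, 0, 45); "1.7.0_21" -> (7, 0, 21); "11.0.2" -> (11, 0, 2).
    """
    match = _VERSION_RE.match(text.strip().strip('"'))
    if not match:
        raise ValueError(f"unrecognised Java version string: {text!r}")
    a, b, c, d = (int(g) if g is not None else 0 for g in match.groups())
    if a == 1:            # 1.x.y_u: the family is the second component
        return (b, c, d)
    return (a, b, c)      # 9+: feature.interim.update


def version_from_banner(banner):
    """Pull the version out of the first line printed by `java -version`,
    e.g. 'java version "1.6.0_45"'."""
    m = re.search(r'version "([^"]+)"', banner)
    if not m:
        raise ValueError(f"no version in banner: {banner!r}")
    return parse_java_version(m.group(1))


def summarise(inventory, today, max_age_years=5):
    """inventory: iterable of (endpoint, version_string, install_date).

    Returns per-endpoint runtime counts, the estate-wide average, the number
    of distinct versions, and every (endpoint, version) older than the threshold.
    """
    per_endpoint = defaultdict(set)
    stale = []
    for endpoint, version, installed in inventory:
        per_endpoint[endpoint].add(parse_java_version(version))
        if (today - installed).days > max_age_years * 365:
            stale.append((endpoint, version))
    counts = {ep: len(v) for ep, v in per_endpoint.items()}
    distinct = set().union(*per_endpoint.values()) if per_endpoint else set()
    return {
        "versions_per_endpoint": counts,
        "average_per_endpoint": sum(counts.values()) / len(counts) if counts else 0.0,
        "distinct_versions": len(distinct),
        "stale": stale,
    }


# Constructed sample inventory (assumed endpoint names and install dates).
SAMPLE_INVENTORY = [
    ("pc-001", "1.6.0_45", date(2013, 4, 16)),
    ("pc-001", "1.7.0_21", date(2013, 4, 16)),
    ("pc-002", "1.6.0_07", date(2008, 7, 11)),
    ("pc-003", "1.7.0_21", date(2013, 4, 16)),
]
SAMPLE_TODAY = date(2013, 7, 15)   # assumed report date

if __name__ == "__main__":
    report = summarise(SAMPLE_INVENTORY, today=SAMPLE_TODAY)
    for ep, n in sorted(report["versions_per_endpoint"].items()):
        print(f"{ep}: {n} Java runtime(s)")
    print(f"average per endpoint: {report['average_per_endpoint']:.2f}")
    print(f"distinct versions across estate: {report['distinct_versions']}")
    for ep, ver in report["stale"]:
        print(f"STALE: {ep} has {ver}")
```

The normalisation step matters because the legacy scheme puts the family number in the second position, so naive string comparison would rank `1.6.0_45` above `1.7.0_21`; the tuple form sorts correctly and lets the report count the distinct versions an estate is actually carrying.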

Java became the most common attack vector last year, according to research from Kaspersky Lab, overtaking Adobe Reader. Java security flaws were responsible for 50% of attacks, it found.

One reason for Java's popularity among hackers is its ubiquity. According to Oracle, 3 billion devices run on the programming platform.

Another reason, Bit9's research reveals, is that, unbeknownst to enterprises, there is a vast and unseen legacy installed base of outdated Java instances waiting to be exploited.

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...