May 19, 1997 12:50 PM PDT

Microsoft fixes Java bug

By Nick Wingfield
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: New Java security bug found
May 16, 1997; Hole in Windows 95, NT fixed
May 12, 1997; Another bug in Explorer
May 8, 1997; Princeton team finds Java glitch
April 29, 1997; Microsoft security flaws run deep
March 6, 1997; Java, ActiveX security elusive
March 6, 1997; "Black widow" scare on Web
May 15, 1996

Microsoft (MSFT) has posted a new version of its Java virtual machine that remedies a number of potential security flaws discovered last week.

The flaws were found by a team of researchers from the University of Washington. This same team also has discovered glitches--24 in all, it claims--in Sun Microsystems' Java virtual machine, the engine that lets computers read and execute Java applets. Several companies including Microsoft have written their own virtual machines, but most browser and operating system companies rely on the version licensed directly from Sun.

Microsoft has posted an entirely new version of its virtual machine for Internet Explorer 3.x and 4.0. The software is available on the company's Web site.

Sun said late last week that it would immediately ship a patch to all licensees of its Java technology, adding that it would make the fix more widely available the week of May 26 in a new version of its Java development kit, 1.1.2.

Sun had said last week that the security holes could allow a hacker to shut down a Java program. But today an associate professor of computer science at the University of Washington, Brian Bershad, said the flaws in both Sun and Microsoft's virtual machines are more serious.

"The best-case scenario results in a crash. Worst-case results in some resources corruption," such as a file being deleted, Bershad said today.

The University of Washington researchers discovered the problems while developing their own version of the virtual machine byte code verifier, a piece of software that checks Java code as it is downloaded from the Net to make sure it's safe. Both Microsoft and Sun moved to fix the glitches as soon as Bershad and the two other members of his team--Sean McDirmid and Emin Gün Sirer--notified them of the problems.

The researchers have posted a Web site that documents the flaws in the Microsoft and Sun virtual machines.

Latest tech news headlines

The main problem with Windows Vista
Posted in Defensive Computing by Michael Horowitz

September 6, 2008 7:50 PM PDT
Google-focused satellite enters orbit
Posted in News - Digital Media by Jonathan Skillings

September 6, 2008 7:33 PM PDT
In NFL deal, an extra point for Adobe's Flash
Posted in News - Digital Media by Jonathan Skillings

September 6, 2008 6:40 PM PDT

Resource center from News.com sponsors

What you need in business class email.

Mailtrust

Never worry about email again. From mobility and shared calendaring to virus and spam protection starting at only $3 per mailbox. more>

Total Email Relief

We'll take care of your email so you can take care of your business.

14 Day Free Trial

With expert support 24x7x365 we guarentee 100% uptime. Try us for free for 14 days. Never worry about your email again.

Just $3 per mailbox

Choose the plan that is right for your company and only pay for what you need.

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Chrome's JavaScript challenge to Silverlight
The advent of Google's Chrome browser, software pros say, should spur a big speedup for JavaScript, which would raise its standing against Microsoft's Silverlight technology.
Gallery
Photos: Top 10 reviews of the week
Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.
News - Apple
Apple watchers spot 'iPod Nano' pix, iTunes hints
The rumor mill has long been predicting a longer, leaner new version of the iPod Nano, and now it's conjuring up some pictures.
Coop's Corner
Chris Shipley 1, Internet lynch mob 0
Demo's impresario goes public with a tart and smartly written riposte to the shoot-from-the-lip crowd.
Video
Katie Couric reflects on first Webcast
The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.
News - Digital Media
Google-focused satellite enters orbit
The search titan has exclusive rights among online mapping sites to images from the new GeoEye-1 satellite, which launched Saturday.
Video
YouTube plays party politics
During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.
News - Gaming and Culture
Are Demo and TechCrunch50 fragmenting their audiences?
With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.
News - Cutting Edge
Execs predict next Google-like tech
On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.
Gallery
Images: The art of 'Spore' prototypes
Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.
Crossfade
The Standard, 'A Different Skin': Free MP3 of the Day
Eschewing the danceable beats favored by many of its post-punk brethren, while opting instead for more ominous and insistent rhythms, is what makes the Standard visceral and engaging. Download a free MP3 of "A Different Skin" courtesy of CNET Download Mus
Green Tech
Duke Energy to invest in mini solar power plants
Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.