Microsoft is the largest software company and ships more software than any other vendor. It carries a great deal of weight in the software industry, and it is clearly worried about the exploitation of Java by malware.

According to Microsoft, there has been a rapid increase in the amount of malware that attempts to exploit Java. At the start of the period, the Microsoft Malware Protection Center had detected fewer than half a million Java exploitation attempts with its antimalware technology, and the strange fact is that a year earlier the count was virtually zero. Between Q2 2010 and the middle of Q3, it rose to over six million.

Microsoft researcher Holly Stewart said in a blog post: “By the beginning of this year, the number of Java exploits (and by that I mean attacks on vulnerable Java code, not attacks using JavaScript) had well surpassed the total number of Adobe-related exploits we monitored.” Java is easy to exploit: many malware kits targeting older versions of Java are available online.

Java exploits are a big security problem. F-Secure, a security vendor, said it had seen thousands of Java exploits, and attributed this to the fact that, for over a year, Java releases did not uninstall previous versions when installed. Sullivan said this is a huge problem: exploit kits can plug into an old vulnerability while people do not realise they still have an old version of Java installed.

Several malware kits are in circulation, and parsing malicious Java code (as antimalware tools must do to detect it) requires a Java interpreter; Java interpreters are notoriously slow, which leads to performance issues. An efficient interpreter is therefore needed on the detection side. Microsoft is also analyzing how many of these attacks are actually successful.

IT managers often do not patch Java, according to security compliance company Qualys. They also said: “We are now seeing an increased attention on Java,” and “Java attends to the basic characteristics: it is widely installed, it has a set of well known vulnerabilities and it has been largely ignored by IT administrators for patching.” Some security officers said that Oracle, which now owns Java, should collaborate with Microsoft to automatically distribute Java patches.
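The two problems above, leftover Java versions that the installer never removed and Java installs that nobody patches, both come down to not knowing what is on the box. The following PowerShell inventory check is an added example and is not code from the article or from any of the vendors it quotes. It assumes that Java installers register each runtime under `HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment` (and under `Wow6432Node` for 32-bit runtimes on 64-bit Windows), and the `$Baseline` version is a hypothetical value you would set to the release you have approved.

```powershell
# Added example: list every Java Runtime Environment registered on a Windows host
# and flag the ones older than an approved baseline. Assumptions: JREs register
# under the JavaSoft registry keys below; $Baseline is a hypothetical value.

$Baseline = [version]'1.6.0.21'   # hypothetical approved release (Java 6 Update 21)

$Paths = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
)

function ConvertTo-JavaVersion {
    param([string]$Text)
    # Java version keys look like 1.6.0_21; turn the update suffix into a fourth component
    $normalized = $Text -replace '_', '.'
    try { return [version]$normalized } catch { return $null }
}

$found = foreach ($p in $Paths) {
    if (-not (Test-Path $p)) { continue }
    Get-ChildItem $p | Where-Object {
        # Skip the short alias keys (e.g. "1.6") and keep only full release keys
        $_.PSChildName -match '^\d+\.\d+\.\d+(_\d+)?$'
    } | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath
        if ($props.JavaHome) {
            [pscustomobject]@{
                Key      = $_.PSChildName
                Version  = ConvertTo-JavaVersion $_.PSChildName
                JavaHome = $props.JavaHome
            }
        }
    }
}

if (-not $found) {
    'No registered Java Runtime Environment found.'
    return
}

# Anything below the baseline is exactly what the exploit kits look for:
# an old runtime that a newer installer left in place.
$found | Sort-Object Version | ForEach-Object {
    $status = if ($_.Version -and $_.Version -lt $Baseline) { 'OUTDATED' } else { 'ok' }
    '{0,-9} {1,-12} {2}' -f $status, $_.Key, $_.JavaHome
}
```

Run it from an elevated prompt across the fleet (for example through a scheduled task or a remoting session) and feed the `OUTDATED` rows to your uninstall job. A runtime that shows up here but not in Add/Remove Programs is the leftover-version case F-Secure describes, and it is just as reachable from the browser plug-in as the current one.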

There is a huge need to fix Java, and it could be done if Oracle/Sun collaborated with Microsoft to use the well-established and robust WSUS update process. If this mechanism were available to all software vendors, the internet would become a safer place for all of us.

It was reported a few days ago that, while analyzing a live attack using the Zombie Infection Kit, researchers from M86 Security discovered that over 60% of successful exploits targeted two Java vulnerabilities.