Skip to main content
Skip to main content
Microsoft Security Intelligence
Cart 0 items in shopping cart
Sign in
500 entries found. Displaying page 1 of 25.
Updated on Sep 20, 2015

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability (CVE-2013-1493) to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and if you have a vulnerable version of Java.

The following versions of Java are vulnerable:

  • Oracle Java JDK and JRE 7 Update 15 and earlier
  • Oracle Java JDK and JRE 6 Update 41 and earlier
  • Oracle Java JDK and JRE 5 Update 40 and earlier

To check if you're running a vulnerable version of Java:

  1. In Control Panel, double-click Programs.
  2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful. This doesn't mean that you have been hacked; it means someone has tried to hack into your PC.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Mar 20, 2013
Alert level: severe
Updated on Mar 16, 2013
Alert level: severe
Updated on Apr 08, 2013
Alert level: severe
Updated on Feb 04, 2013

Exploit:Java/CVE-2013-0422 is a malicious Java applet that attempts to exploit a vulnerability (CVE-2013-0422) in the Java Runtime Environment (JRE), in order to download and install files of an attacker’s choice onto your computer.

If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. Note, however, that a number of legitimate websites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.

Update vulnerable Java applications

This threat exploits a known vulnerability in Java. After removing this threat, make sure that you install the updates available from the vendor. You can read more about this vulnerability in Java, as well as where to download the software update from the following links:

It may be necessary to remove older versions of Java that are still present. Keeping old and unsupported versions of Java on your system presents a serious security risk. To read more about why you should remove older versions of Java, see the following information.

Alert level: severe
Updated on Oct 15, 2014

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

  • Java Runtime Environment of Oracle Java SE 7 Update 17 and earlier
  • OpenJDK version 6 and version 7

To check if you're running a vulnerable version of Java:

  1. In Control Panel, double-click Programs.
  2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You may get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Alert level: severe
Updated on May 06, 2016

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

  • Java Runtime Environment of Oracle Java SE 7 Update 10 and Update 11

To check if you're running a vulnerable version of Java:

  1. In Control Panel, double-click Programs.
  2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You may get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Alert level: severe
Updated on Nov 12, 2014

Windows Defender detects and removes this threat.

This threat uses a Microsoft vulnerability to escalate the privilege of a running process. The vulnerability is called CVE-2013-3660 or the "Win32k.sys Elevation of Privilege Vulnerability".

You can read more and apply updates to prevent exploiting this vulnerability in Microsoft Security Bulletin MS13-053.

The threat will work if you have one of the following vulnerable versions 32-bit Windows:

  • Windows 8.1
  • Windows 8
  • Windows 7 SP1
  • Windows Vista SP2
  • Windows RT 8.1
  • Windows RT
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2008 SP2
  • Windows Server 2008 R2 SP1
  • Windows Server 2003 SP2

You may get an alert about this threat even if you're not using a vulnerable version of the application. This is because we detect when a website or file tries to use the vulnerability, even if it isn't successful.

Alert level: severe
Updated on Feb 04, 2013

Exploit:Java/CVE-2013-0422.B is a variant of the Exploit:Java/CVE-2013-0422 family of exploits; malicious Java applets that attempt to exploit a vulnerability (CVE-2013-0422) the Java Runtime Environment (JRE), in order to download and install files of an attacker’s choice onto your computer.

If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. Note, however, that a number of legitimate websites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.

Update vulnerable Java applications

This threat exploits a known vulnerability in Java. After removing this threat, make sure that you install the updates available from the vendor. You can read more about this vulnerability in Java, as well as where to download the software update from the following links:

It may be necessary to remove older versions of Java that are still present. Keeping old and unsupported versions of Java on your system presents a serious security risk. To read more about why you should remove older versions of Java, see the following information.

Alert level: severe
Updated on Oct 27, 2014

Windows Defender detects and removes this threat.

This threat uses an Internet Explorer vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Internet Explorer.

The following Internet Explorer versions are vulnerable:

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
Alert level: severe
Updated on Nov 07, 2014

Windows Defender detects and removes this threat.

This malware uses a vulnerability in your software to infect your PC.

It runs if you visit a hacked website and you have a vulnerable version of Java installed.

The following versions of Java are vulnerable:

  • Java Development Kit and Java Runtime Environment 5 Update 45 and earlier
  • Java Development Kit and Java Runtime Environment 6 Update 45 and earlier
  • Java Development Kit and Java Runtime Environment 7 Update 21 and earlier

To check if you're running a vulnerable version of Java:

  1. Go to the control panel (select Start then Control Panel).
  2. Select Programs. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You might get a detection for this threat when you visit a website that has malicious code, even if you're not using a vulnerable version of Java. This doesn't mean that you have been compromised, it means an try to compromise your PC has been made.

The vulnerability that this malicious Java applet exploits is described in CVE-2013-2465.

Alert level: severe
Updated on Sep 21, 2014

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

  • Java SE Development Kit 7 Update 21 and earlier
  • Java SE Development Kit 6 Update 45 and earlier
  • Java SE Development Kit 5.0 Update 45 and earlier
  • OpenJDK 7

To check if you're running a vulnerable version of Java:

  1. In Control Panel, double-click Programs.
  2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You may get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Alert level: severe
Updated on Sep 25, 2014

Windows Defender detects and removes this threat.

This threat uses an Internet Explorer vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Internet Explorer.

The following Internet Explorer versions are vulnerable:

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
Alert level: severe
Updated on Oct 20, 2016

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

  • Java Development Kit, Java Runtime Environment 7 Update 11 and earlier

To check if you're running a vulnerable version of Java:

  1. Go to the control panel (Select Start then Control Panel)
  2. Select Programs. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Alert level: severe
Updated on Sep 20, 2015

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

  • Java Development Kit and Java Runtime Environment 7 Update 10 and earlier

To check if you're running a vulnerable version of Java:

  1. In Control Panel, double-click Programs.
  2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You may get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Dec 10, 2014

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

  • Java Development Kit SE 7 update 17 and earlier
  • OpenJDK Java Development Kit versions 7 and earlier

To check if you're running a vulnerable version of Java:

  1. In Control Panel, double-click Programs.
  2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Alert level: severe
Updated on Oct 28, 2014

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

  • Oracle Java SE 7 update 17 and earlier.
  • OpenJDK 7 update 17 and earlier.

To check if you're running a vulnerable version of Java:

  1. In Control Panel, double-click Programs.
  2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You may get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Alert level: severe
Updated on Jun 23, 2022
Alert level: severe
Updated on Aug 22, 2013
Alert level: severe
Updated on Nov 14, 2015
Alert level: severe