Microsoft Security Advisory (903144) – vulnerability in the Microsoft Java VM
This vulnerability (otherwise known as Bloodhound.Exploit.40) affects the Microsoft Java VM (which has been ‘out of circulation’ for quite a long time, but may still be on older operating systems).
Carefully read this article:
http://www.microsoft.com/technet/security/advisory/903144.mspx
My recommended (and the least disruptive) workaround is the first one – “disable the javaproxy.dll COM object from running in IE”.
Some antivirus programs are starting to detect attempts to exploit this vulnerability.
If you choose to remove the Java Virtual Machine, you can replace it with the Sun version, available here:
http://www.java.com/en/download/download_the_latest.jsp
While we’re on the topic of vulnerable Java virtual machines: if you have Sun Java installed, make sure you are using the latest version and, more importantly, uninstall old versions of Sun Java which may still be installed. Old, vulnerable versions of Sun Java can be accessed by hostile web sites or programs:
http://msmvps.com/spywaresucks/archive/2005/03/25/39584.aspx