Sun Java 0-Day Being Exploited In-The-Wild

According to Ryan Naraine (journalist and security evangelist at Kaspersky Lab) the recently disclosed Sun Java Deployment Toolkit Argument Injection Vulnerability is now being used in in-the-wild attacks.

@ryanaraine

heads-up: @taviso's java 0day vuln now being used in an active in-the-wild attack

Since Oracle (Sun) has not issued an official communication about this issue, the only mitigation information available is from Google's Tavis Ormandy.

Internet Explorer users can be protected by temporarily setting the killbit on CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA. To the best of my knowledge, the deployment toolkit is not in widespread usage and is unlikely to impact end users. Mozilla Firefox and other NPAPI based browser users can be protected using File System ACLs to prevent access to npdeploytk.dll. These ACLs can also be managed via GPO

I would expect Ryan will be giving more details on the detected attacks @ at Threatpost.com.