AFAIK, because of the Microsoft vs. Sun dispute over Java rights, the Microsoft VM only complies with Java 1.2 or maybe even lower. So as a standard of mine, and because I can use the OBJECT tag to automagically upgrade a client (depending on network conditions), I always have clients upgrade to the Sun implementation. This allows me to cut down the JAR/CAB file sizes (because I no longer have to include things like SWING) and also it allows me to take full advantage of the Java 1.4. I would suggest that anyone wanting to migrate take a look at http://java.sun.com for more information (especially look at the plugin documentation as it will make life a lot easier). Mike Duncan security@randomtask.net http://www.randomtask.net On Wed, 2002-09-11 at 00:30, Damon McMahon wrote: > In-Reply-To: <Pine.LNX.4.33.0209091507490.19081-100000@lissu.solutions.fi> > > Since Sun's implementation of the JVM is not vulnerable > AFAYK, would installing Sun's Java VM and then > configuring it to handle Java applets in IE be an > acceptable workaround? > > > > > > >WORKAROUNDS > >=========== > > > >Microsoft was first contacted in July 2002 and started > their > >investigation of potential Java vulnerabilities. More > of them were found > >during August and reported to the vendor. Microsoft > has acknowledged most > >of the vulnerabilities and is currently working on a > patch to correct > >them. > > > >To protect themselves, Internet Explorer and Outlook > (Express) users can > >disable Java Applets until the patch is released. This > can be done in > >Internet Options -> Security -> Internet -> Custom > Level -> Microsoft > >VM, select "Disable Java". > > > >If you want to use an Applet on a certain web site you > trust, you can add > >the site to the Trusted Sites zone and enable Applets > in that zone. > > > >
