Critical Vulnerabilities Patched in Java, Windows, and HackingTeam Software
Security experts have uncovered a series of critical vulnerabilities in popular software platforms. Oracle has addressed a zero-day flaw in Java, while Microsoft has released a crucial patch for a font issue. Meanwhile, a data breach at HackingTeam has exposed multiple unpatched vulnerabilities.
Trend Micro discovered a serious zero-day vulnerability in Java's SAP NetWeaver AS Java RMI-P4 module. This flaw, involving unsafe deserialization, allows unauthenticated attackers to execute arbitrary OS commands. SAP patched this critical issue in September 2025, but it was not included in Oracle's July 2015 CPU patch.
Microsoft has issued a critical bulletin, MS15-078, for a font problem that affects all Windows versions. This vulnerability enables Remote Code Execution and has been addressed in Microsoft's latest updates.
Oracle's quarterly Critical Patch Update for July 2015 addresses 25 vulnerabilities in Java, including the zero-day reported by Trend Micro. Microsoft credits Google's Project Zero, FireEye, and Trend Micro for their role in discovering this issue.
Security researchers have found four zero-day vulnerabilities in the HackingTeam data: three in Adobe Flash and one in Microsoft Windows. Additionally, Trend Micro reported another zero-day in Java, which affects the latest Java v8u45 and has been used in targeted attacks. Oracle's July 2015 CPU fixes the zero-day vulnerability CVE-2015-2590 in Java, reported by Trend Micro.
HackingTeam's Remote Control Software, Galileo, provides government customers with a centralized console to monitor and control targeted computers. The HackingTeam data breach contains emails, documentation, and source code that have been analyzed by journalists and security researchers, leading to the discovery of these vulnerabilities.
With these critical vulnerabilities patched, users are urged to update their systems promptly. The discovery of these issues highlights the importance of regular patching and the need for continued vigilance against emerging threats.