Microsoft KB Archive/824606

= How to secure systems against potential Microsoft VM vulnerabilities =

Article ID: 824606

Article Last Modified on 6/14/2006

-

APPLIES TO


 * Microsoft Java Virtual Machine

-



SUMMARY
Because of a settlement agreement that was reached in January 2001 that resolved a legal dispute with Sun Microsystems, Microsoft will no longer be authorized to support the Microsoft virtual machine (Microsoft VM) as of September 30, 2004. Microsoft will not be able to address potential Microsoft VM-related security issues, nor will the company be able to make any product enhancements. In preparation for this change, Microsoft began phasing out the Microsoft VM in its products after the settlement was reached. Going forward, the Microsoft VM will not be included in any Microsoft products. Even though these changes have occurred, many organizations still use the Microsoft VM on Web sites and on other applications. Over time, this may present a potential security risk for businesses that continue to use the Microsoft VM.

This article assumes a security vulnerability in the Microsoft virtual machine. The &quot;More Information&quot; section of this article lists the steps to secure a system from this assumed vulnerability, when a dependency on the virtual machine cannot be, or has not been, removed. This procedure is also known to disable the Sun Microsystems JRE plug-in for Internet Explorer for non-trusted sites, and the procedure may affect the functioning of other virtual machines that might run in Microsoft Internet Explorer.



MORE INFORMATION
When you cannot disable the Microsoft virtual machine, and the site author has not removed a dependency on the Microsoft VM, follow these steps to secure the system:  Start Microsoft Internet Explorer. On the Tools menu, click Internet Options. On the Security tab, follow these steps for each zone except Trusted sites:  Click Custom Level. Scroll down to Microsoft VM. Under Java permissions, select Disable Java, and then click OK. </li> On the Security tab, click the Trusted sites zone, and then click Custom Level.</li> Scroll down to Microsoft VM.</li> Under Java permissions, select High Safety, and then click OK.</li> With the Trusted sites zone still selected, click Sites.</li> To add the Web site with the applet to the Trusted sites zone, type the URL in the Add this Web site to the zone box.</li></ol>

<div class="references_section">