How to secure systems against potential Microsoft VM vulnerabilities (824606)


The information in this article applies to:

  • Microsoft virtual machine

SUMMARY

Because of a settlement agreement that was reached in January 2001 that resolved a legal dispute with Sun Microsystems, Microsoft will no longer be authorized to support the Microsoft virtual machine (Microsoft VM) as of September 30, 2004. Microsoft will not be able to address potential Microsoft VM-related security issues, nor will the company be able to make any product enhancements. In preparation for this change, Microsoft began phasing out the Microsoft VM in its products after the settlement was reached. Going forward, the Microsoft VM will not be included in any Microsoft products. Even though these changes have occurred, many organizations still use the Microsoft VM on Web sites and on other applications. Over time, this may present a potential security risk for businesses that continue to use the Microsoft VM.

This article assumes a security vulnerability in the Microsoft virtual machine. The "More Information" section of this article lists the steps to secure a system from this assumed vulnerability, when a dependency on the virtual machine cannot be, or has not been, removed. This procedure is also known to disable the Sun Microsystems JRE plug-in for Internet Explorer for non-trusted sites, and the procedure may affect the functioning of other virtual machines that might run in Microsoft Internet Explorer.

MORE INFORMATION

When you cannot disable the Microsoft virtual machine, and the site author has not removed a dependency on the Microsoft VM, follow these steps to secure the system:
  1. Start Microsoft Internet Explorer.
  2. On the Tools menu, click Internet Options.
  3. On the Security tab, follow these steps for each zone except Trusted sites:
    1. Click Custom Level.
    2. Scroll down to Microsoft VM.
    3. Under Java permissions, select Disable Java, and then click OK.
  4. On the Security tab, click the Trusted sites zone, and then click Custom Level.
  5. Scroll down to Microsoft VM.
  6. Under Java permissions, select High Safety, and then click OK.
  7. With the Trusted sites zone still selected, click Sites.
  8. To add the Web site with the applet to the Trusted sites zone, type the URL in the Add this Web site to the zone box.

REFERENCES

For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:

http://www.microsoft.com/java

Modification Type:MajorLast Reviewed:6/14/2006
Keywords:kbinfo KB824606 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.