The present Microsoft VM, which includes all previously released fixes to the VM, has been updated to include a fix for the newly reported security vulnerability. This new security vulnerability affects the ByteCode Verifier component of the Microsoft VM, & results because the ByteCode verifier does not correctly check for the presence of certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet & inserting it into a web page that when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail.
Versions of the Microsoft virtual machine (Microsoft VM) are identified by build numbers, which can be determined using the JVIEW tool as discussed in the FAQ. All builds of the Microsoft VM up to & including build 5.0.3809 are affected by these vulnerabilities.