Notice of Java Security Vulnerability in Web Browsers

The Department of Homeland Security (DHS) last week released an alert indicating that all versions of Java up to and including the then latest Java version 7 update 10, contained weaknesses that could allow a malicious attacker to run code on a machine that had Java installed and enabled in web browsers on that system. What made this notification unique is that the DHS was encouraging users to disable or uninstall Java altogether whereas in past security bulletins they generally gave feedback on how to steer clear of threats to US computer systems.

Since that alert was put out last week, Oracle has released an update to Java 7 with update 11. This update was released specifically to address security vulnerabilities in the Java application spoken to in the DHS announcement, however opinions are mixed at this point in security circles about whether or not this update has successfully closed all of the vulnerabilities present in the application or not. More testing of this release will undoubtedly happen this week, with additional insight into the viability of update 11 or additional releases to the Java platform with additional security in place.

At this time, Thrive Networks is recommending that all of its customers take the following action on their computer systems:

• Update instances of Java to version 7 update 11 immediately.
• Consider disabling Java from running in all web browsers on the computer system until more information about the remediation of the security flaw are brought to light later this week or in the weeks to come.

For instructions on how to disable Java in the most frequently used web browsers on Windows systems, click here. Follow these instructions to disable Java in the browsers that you commonly use to browse the Internet.

Java updates should be able to be run from the Java console which generally is able to be launched from the computer’s task bar. If you do not see it there the Java console can be started from within the computers Control Panel. Thrive offers a third-party patching add-on to our standard ThriveProtect platform which enables the updating of applications such as Java, Adobe, Quicktime, etc.

To learn more about our Patch Management Services, contact Thrive Networks today.