Update Your Java to Patch 20 Vulnerabilities Or Just Disable it
Today, Oracle has released its quarterly Critical Patch Update (CPU)
for the month of July, as part of its monthly security bulletin, in
which it fixes a total of 113 new security vulnerabilities for hundreds
of the company’s products.
The security update for Oracle’s popular browser plug-in Java addresses
20 vulnerabilities in the software, all of which are remotely
exploitable without authentication, meaning an attacker wouldn't need
a username and password to exploit them over a network.
MOST CRITICAL ONE TO PATCH FIRST
Oracle uses the Common Vulnerability Scoring System (CVSS) to provide an
open and standardized rating of the security holes it finds in its
products. One or more of the Java vulnerabilities received the most
“critical” rating under CVSS, i.e. a base score of 10 or near.
Numerous other Oracle products and software components are also
addressed in the latest security updates, which fix around 29
vulnerabilities in Oracle Fusion Middleware, 27 of which enable
remote code execution, seven vulnerabilities in Hyperion products and
five apiece for Oracle Database and E-Business Suite. But Java was the
only product impacted by security issues scoring the highest critical rating.
So, Java patches are the most urgent and should be at the top of your list, as one of the Java SE vulnerabilities (CVE-2014-4227) in this patch update, scores ten out of ten in the common vulnerability rating system, and seven of the other Java SE client vulnerabilities received a CVSS score of 9.3.
Oracle Database Server will also be updated for five vulnerabilities,
one of which is remotely exploitable, while there will be 10 patches
released for MySQL Server, but none of them are remotely exploitable.
JAVA WILL CONTINUE TO SUPPORT WINDOWS XP
The company recently announced that it would no longer support Java on
Windows XP, though it expects Java 7 to continue to work on the Windows XP
platform, and Oracle security updates for Java on XP machines will
continue.
“This end of support announcement has been misread as ‘Java no longer works on Windows XP’ or ‘Oracle will stop Java updates from being applied on Windows XP.’ These statements are not correct,” said Oracle vice-president of product management in the Java Platform Group Henrik Stahl.
“We expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the foreseeable future. In particular, we expect that JDK 7 will continue to work on Windows XP.”
However, Java 8 is not designed even to install on the Windows XP operating system, so the installer for the developer releases of Java 8 will not run on it without manual intervention.
PATCH OR SIMPLY DISABLE JAVA?
Java runs on more than 850 million personal computers and on billions of devices worldwide, therefore protecting against Java zero-day exploits is a rising concern among millions of Windows, Mac OS, and Linux users.
Security experts recommend not installing Java if you don't already have it, and perhaps even disabling it if you do have it but do not regularly use an application or visit any Web site that requires Java.
UPDATE YOUR SYSTEMS NOW
The company is urging its customers to update their systems as soon as possible. "Due
to the threat posed by a successful attack, Oracle strongly recommends
that customers apply Critical Patch Update fixes as soon as possible," the firm warned.
Oracle has published the full details about the list of patches here.