Get your Java While It's Hot

Oracle released Java JRE 1.7 update 7 and 1.6 update 35 today, patching critical security holes. Most security professionals recommended disabling Java or removing it while waiting for this update. So if you’ve ignored that advice, you need to upgrade as soon as possible.

Java exploitation on the rise

The deadline for getting up to date on the latest Java has come and gone. Microsoft posted on the 20th that they were seeing exploit code attacking the vulnerability in Java which Oracle patched in February. Yesterday Brian Krebs posted that an exploit for this vulnerability is now in one of the more popular exploit kits. …

Patch Wednesday

I’m not one of these people who thinks that all patches need to be released on the second Tuesday in each month. But it is downright inconvenient to release patches the next day. People who manage vulnerabilities in companies are then forced to either restart the patch deployment cycle, adding in these new patches, or …

F-Secure on Java

F-Secure generated a lot of traffic in the blogosphere with their post declaring Java harmful and better to not be installed on computers. To me the only surprising part is the discussions this generated. Isn’t this old news? Principle of least privilege says to remove it if you don’t need it. So when you’re regularly updating an …

Removing Old JAVA

As part of deployment of JAVA 1.6 update 29, I decided it was time to take a closer look at removing older versions of JAVA. At one point in time, new JAVA installs left all previous versions installed on the system. In 1.6 update 10, JAVA began installing JAVA into %programfile%\java\jre6. Each subsequent update would replace the …
