
Critical Oracle Update – Fixes 104 Vulnerabilities

Oracle announced a critical update for a number of products including Java. According to Oracle, “Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.”

We recommend patching Java as soon as possible. Many organizations do not patch Java due to business application constraints. Organizations in that position should give serious consideration to the risk that unpatched Java vulnerabilities pose. Updates can be obtained from the Java website or using the Java Control Panel.

37 of these vulnerabilities affect Java SE. 35 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password, and 4 of the vulnerabilities have a CVSS rating of 10.0 (if a user is not running with administrative rights, the CVSS base score becomes a 7.5). For more information, see the Java SE Risk Matrix and an explanation of the CVEs.

Fixes for the following CVEs are included in this patch: