Security Alert – Java Vulnerability – January 16, 2013

As you may already be aware, the Department of Homeland Security and US CERT (United States Computer Emergency Readiness Team) released an advisory warning about vulnerability of computer systems for those using Java.  Java is a programming language that is used in conjunction with various software programs and web browsers that may reside on your computer.  Malware could exploit this vulnerability and potentially put sensitive information on your computer at risk or allow your computer to be taken over by hackers.

This vulnerability is named the “Zero-Day Exploit” and it is recommended that all users take steps to reduce the ability of any malware to put their computers at risk. While the currently available solutions do not provide absolute protection from this vulnerability, they will reduce the risk to the individual computer of exposure to malware and hacking attempts. The links below are provided to answer the most common questions users have about this issue.

What You Need to Know About the Java Exploit

To reduce your risk of infection because of this vulnerability, experts recommend that users take the defensive steps of disabling Java whenever possible.

  1. Disable the use of Java in web browsers.  The most recent version of Java includes a checkbox in the Control Panel in Windows that allows the use to disable Java in all web browsers at once.
  2. Evaluate the use of Java with software programs. The most recent version of Java moves the default security level to “High” which causes a pop up message that lets the user decide whether it is safe to run Java in relation to a particular program.

How to Disable Java in Web Browsers:

First, test your computer to see if Java is enabled in your web browsers (be sure to test all of them) by going to this website:

http://javatester.org/version.html

If Java is not running in your web browsers (no pink rectangle as described), you do not need to do anything else to disable Java in your web browsers.

If Java is enabled on a Mac:

Apple did not include Java installations with its most recent versions of OS X. If you have a Mac running Snow Leopard or any more recent operating system, making sure you have the latest updates from Apple will block Java if it exists on your computer.  Use the links below for instructions on how to update Macs running various operating system versions:

What Mac Users Need to Know About the Java Security Update
OS X: Updating OS X and Mac App Store apps

If you installed Java (particularly version 7) on your Mac computer separately, you should update to the most recent version provided by Oracle.

If Java is enabled in Windows:

Click the links below for instructions on disabling Java in both the Windows Control Panel and web browsers.

How do I disable Java in my web browser?

If you need Java to run other necessary software programs:

If you have installed Java on a Mac, or you can see Java in the Control Panel in Windows, updating your version of Java to the most recent release (currently Java 7u11) is the safest way available to run the necessary software.  This will change the default security setting to “High” which will require your computer to ask for permission to run Java when you start your programs.  If you know the software you are using, you can allow Java to run.

OIT will continue to monitor alerts regarding this issue and provide updates to the campus community as they become available.  If you have questions or concerns about this issue, please contact the IT Support Center by creating a ticket at http://itsupport.smcm.edu or by phone at 240-895-4357.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>