Network News

X My Profile
View More Activity

Sun Issues Java Security Update

Sun Microsystems has issued an update to plug a pair of security holes in its Java Runtime Environment software. JRE is a widely installed software bundle that Web sites use to serve visitors with multimedia, interactive content.

One of the security holes could be exploited to break into Windows machines by convincing a user to visit a corrupt Web site. It's a popular problem because if you're running Microsoft Windows, a version of this is installed on your machine. Ninety-eight percent of all visitors to had a version of JRE installed, according to numbers we pulled on Thursday, although the site's statistics tool couldn't break it down by installed version number.

The latest version of Sun's JRE is not vulnerable, but Sun doesn't make it easy for the average user to determine which version is installed on his machine. Additionally, each user probably has more than one version of Java per machine.

The majority of Windows users likely have either JRE 6 or JRE 5.0 installed. The latest patched versions are JRE 6 Update 1, or JRE 5.0 Update 11. To see which version you have installed, go to "Start," "Control Panel," then "Add/Remove Programs," and scroll halfway down the list. If you find older versions of Java already installed, you should uninstall them.

The last time Security Fix wrote about Java updates, a reader asked whether any bad guys bothered to exploit Java vulnerabilities. I replied that criminals would be foolish to ignore it, given the massive installation base of this program. The SANS Internet Storm Center recently posted an alert about a malicious Web site capitalizing on a Java vulnerability that Sun patched in January to silently install a password-stealing program on machines whose users visited the site with outdated versions of Java.

Unless you have a very old version of Java installed, you should be able to update by clicking "Start," "Control Panel," and then double-clicking on the "Java" icon. In the box that pops up, click on the "Update," tab, and then the "Update Now," button. Alternatively, Windows users can download the update titled "Java Runtime Environment (JRE) 6u1" from this link.

By Brian Krebs  |  June 8, 2007; 2:59 PM ET
Categories:  From the Bunker , Latest Warnings , New Patches , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Substitute Teacher Granted New Trial in Porn Case
Next: Microsoft to Issue Six Security Updates

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company