Carnegie Mellon University Website Home Page
 

SECURITY ALERT: Update Available for Java version 7 (or 1.7)

(US Eastern Time)
DAY: Friday
DATE: August 31, 2012

WHOM DOES THIS AFFECT?

Windows, Mac and Linux users running Java version 7 (or 1.7).0

SUMMARY:

On August 29, Computing Services notified students, faculty and staff members of a critical vulnerability in Java version 7 (or 1.7). Oracle has released a new version of Java 7 that corrects this vulnerability. All users of Java 7 should upgrade to Java 7 Update 7 as soon as possible. The Information Security Office will continue to monitor for and block known malicious websites and will also be monitoring for and notifying users of vulnerable computers on the campus network.
                  

WHAT YOU NEED TO DO:

Users should validate what version of Java is being used by their browser(s). This can be done by using the Patch Check tool available on the Information Security Office website. Be sure to verify the version of Java for each browser that you use.

https://www.cmu.edu/iso/patch-check/

  • If you are running Java version 6 (or 1.6), no additional action is needed at this time. You should continue to visit the Patch Check tool periodically to verify that you are running the most current version of Java 1.6.
  • If you are running Java version 7 (or 1.7), upgrade to Java 7 Update 7 as soon as possible. Java 7 Update 7 can be downloaded at the following location.

Note: Desktop Support customers are most likely running Java 1.6 and should not be running  Java 7 (7.1) except in rare circumstances.

http://www.java.com/en/download/

If your Java installation is configured to automatically update, you may be prompted to install the most recent version without taking any additional action. It is recommended that you still visit the Patch Check tool to validate that you have the most recent version installed.

Once Java is updated, the Java plug-in for your browser(s) can be safely re-enabled. To re-enable Java plug-ins, follow the same steps that were previously taken to disable the plug-ins. If you think you do not need the Java plug-in, you may wish to leave it disabled to alleviate future security concerns.


MORE INFORMATION:

To review the previous security alert sent by Computing Services, visit the following location:

http://www.cmu.edu/computing/news/security/2012/aug/082912java.html              
            

CONTACT:

Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or it-help@cmu.edu) or to your departmental administrator or DSP consultant.