Carnegie Mellon University Website Home Page

SECURITY ALERT: Critical Vulnerabilities in Java 6 and 7

(US Eastern Time)
DAY: Monday
DATE: February 4, 2013


Windows, Mac and Linux users running Java versions 6 and 7


Multiple new security vulnerabilities have been discovered in Java, one of which is being actively exploited to compromise computers. Oracle has released new versions of Java 6 and 7 to correct these vulnerabilities. All Java users should upgrade as soon as possible. The Information Security Office will continue to monitor for and block known malicious websites and will also be monitoring for and notifying users of vulnerable computers on the campus network.


If you are running Java version 6, upgrade to Java 6 Update 39 as soon as possible. Java 6 Update 39 can be downloaded at the following location.

If you are running Java version 7, upgrade to Java 7 Update 13 as soon as possible. Java 7 Update 13 can be downloaded at the following location.

NOTE: Computing Services is partnering with the Oracle Financials and HR Data Warehouse teams to update its supported version of Java 6. Users of these applications should continue to use Update 37 until they are notified that a supported release is made available. Customers of the Desktop Support Program (DSP) will also receive separate instructions regarding an update to their managed desktops.

If your Java installation is configured to automatically update, you may be prompted to install the most recent version without taking any additional action. It is recommended that you visit the ISO Patch Check tool to validate that you have the most recent version installed.
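A local check can complement the Patch Check tool. The following is an added example, not part of this alert or of the ISO tool: it compares the banner printed by `java -version` against the fixed releases named above. The banner format (`java version "1.6.0_39"`) and the function names are assumptions of the example.

```python
import re
import subprocess

# Fixed releases named in this alert: Java 6 Update 39 and Java 7 Update 13.
FIXED_UPDATE = {6: 39, 7: 13}

# Assumed banner format, e.g.: java version "1.7.0_13"
_BANNER = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_banner(text):
    """Return (major, update) from `java -version` output, or None."""
    m = _BANNER.search(text)
    if not m:
        return None
    # A banner without "_NN" is the initial release, treated as update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def assess(text):
    """Classify a banner as 'patched', 'vulnerable' or 'unknown'."""
    parsed = parse_banner(text)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major not in FIXED_UPDATE:
        return "unknown"  # the alert only covers Java 6 and 7
    return "patched" if update >= FIXED_UPDATE[major] else "vulnerable"


def local_banner():
    """Run `java -version`; it prints its banner to stderr."""
    try:
        out = subprocess.run(["java", "-version"], capture_output=True,
                             text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return ""
    return out.stderr + out.stdout


if __name__ == "__main__":
    # Constructed sample banners, followed by the local installation.
    for sample in ('java version "1.6.0_37"', 'java version "1.7.0_13"'):
        print(sample, "->", assess(sample))
    print("local ->", assess(local_banner()))
```

The script inspects only the `java` found on the PATH; other Java copies installed on the same computer are not checked. Computers held at Update 37 per the note above will be reported as vulnerable.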


Additional information about these vulnerabilities can be found at:


Please direct any questions or comments to the Computing Services Help Center (412-268-HELP) or to your departmental administrator or DSP consultant.