Carnegie Mellon University
February 04, 2013

Security Alert: Critical Vulnerabilities in Java 6 and 7

WHOM DOES THIS AFFECT?

Windows, Mac and Linux users running Java versions 6 and 7


SUMMARY:

Multiple new security vulnerabilities have been discovered in Java, one of which is being actively exploited to compromise computers. Oracle has released new versions of Java 6 and 7 to correct these vulnerabilities. All Java users should upgrade as soon as possible. The Information Security Office will continue to monitor for and block known malicious websites and will also be monitoring for and notifying users of vulnerable computers on the campus network.


WHAT YOU NEED TO DO:

If you are running Java version 6, upgrade to Java 6 Update 39 as soon as possible. Java 6 Update 39 can be downloaded at the following location.

http://www.java.com/en/download/manual_v6.jsp

If you are running Java version 7, upgrade to Java 7 Update 13 as soon as possible. Java 7 Update 13 can be downloaded at the following location.

http://www.java.com/en/download/

NOTE: Computing Services is partnering with the Oracle Financials and HR Data Warehouse teams to update its supported version of Java 6. Users of these applications should continue to use Update 37 until you are notified that a supported release is made available. Customers of the Desktop Support Program (DSP) will also receive separate instructions regarding an update to their managed desktops.

If your Java installation is configured to automatically update, you may be prompted to install the most recent version without taking any additional action. It is recommended that you visit the ISO Patch Check tool to validate that you have the most recent version installed.

https://www.cmu.edu/iso/patch-check/
            

MORE INFORMATION:

Additional information about these vulnerabilities can be found at:

http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html


CONTACT:

Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or it-help@cmu.edu) or to your departmental administrator or DSP consultant.