Monday, January 14, 2013

Java 7 Patch 11 Deployed

As many of you have been asking us about, the media has been made aware of a recent high-profile exploit in Java.  The advice at the time of the leak was to disable or uninstall Java on every computer you can, as it was believed the weakness permeated all versions of Java across all operating systems.  Those of you signed on with our CommonFocus service were contacted with this information and the option of doing so for you as part of the service.

Fortunately, the fine people at Oracle have wasted no time in closing this loophole with Java 7 Patch 11.  The Oracle Security Blog at https://blogs.oracle.com/security/entry/security_alert_for_cve_2013 nicely outlines some of the vulnerabilities that were exploited and how they have been closed.  However, the important thing to know is that Java has been patched against that particular weakness.

For those of you on our CommonFocus contracts, you will be updated automatically.  For any of the rest of our customers, if you've already removed Java, then at your convenience you may reinstall for free simply by visiting www.java.com and downloading the latest version.  If you've had Java disabled, you should re-enable it, and then immediately visit www.java.com to update to the latest version.

If you have any questions, don't hesitate to contact your IT provider as we are happy to assist in any way that we can.

Stay safe and happy browsing!

Friday, January 11, 2013

Java Exploit

We have been made aware of a vulnerability in all versions of Java that is currently being used to install malicious software on any Windows PC with Java runtime installed.

At this time our recommended action is to uninstall Java from all workstations.

Although this will break functionality on any websites, even non-malicious or trusted ones, it is the only way to properly secure your workstations from being infected.

If you need access to Java enabled websites for normal day-to-day operations we recommend only going to business critical websites with workstations that still have Java installed.  Casual browsing is not recommended, even on popular websites.

All Common Focus customers are being alerted of the threat through email.  Please respond to the email to have Java uninstalled automatically from all workstations.

As soon as a patch is released we will update this blog.

Update:

Many people have been asking for instructions on how to remove Java.

The official documentation can be found on Oracle's site here:

http://www.java.com/en/download/uninstall.jsp

Thank You,
PointSolve Technology, Inc.