Monday, 8 February 2016

Why the New Java Update is Important for Your Windows Systems

Oracle on Monday advised its users to run the latest version of Java to prevent bugging.
The advice is contained in a statement made available by the organisation, a copy of which was obtained by the News Agency of Nigeria (NAN) in Lagos.
According to the statement, Oracle has released a patch for the CVE-2016-0603 security vulnerability.
``The security patch is to close a Java vulnerability which, if left unchecked, can lead to 'complete compromise' of Microsoft Windows systems.
``The security loophole is named CVE-2016-0603 and the bug fix has been released to address a vulnerability, which can be exploited when Java version 6, 7, or 8 is installed on a windows platform.
``The weakness is remotely exploitable, allowing attackers to compromise a network without the need for usernames or passwords," it said.
It added that in order to exploit the security bug, an attacker would need to trick the user into visiting a malicious website and downloading infected files to their machine, before Java 6, 7, or 8 was installed.
According to the statement, it will be difficult to achieve, a successful exploitation of the vulnerability can result in "complete compromise" of a user's system.
It said that the risk of compromise only exists during the initial installation process.
Oracle had assured users that those who were already using an existing version of Java were not vulnerable to CVE-2016-0603.
According to the statement, users who have downloaded any old version of Java prior to 6u113, 7u97, or 8u73, should discard the old downloads and replace them with 6u113, 7u97 or 8u73 or later.
The statement said that the security patch was cumulative and therefore, any network it was installed upon would also receive all existing fixes from previous Critical Patch Updates and Security Alerts.
It said that as part of security alert, Oracle warned users to check that they were running the latest version of Java Standard Edition (SE) and that older versions had been completely removed from the system.
The statement said that the company had also recommended that users only download Java updates from official Java sources because alternatives might be `malicious’.
``Oracle has posted full details about the risks of the CVE-2016-0603 vulnerability and how to protect against it on its technology network.
``Under the terms of a settlement with the U.S. Federal Trade Commission, Oracle is now expected to warn users if they are running an out-0dated version of Java SE," it said. (NAN)

No comments:

Post a Comment

Thank You For Your Opinion, comments
Email Us -