A vulnerability in Java, a programming language used in many applications and installed on most computers on the K-State campus, is being actively exploited on the Internet to take control of computers. Attackers target K-State’s network many times a day, looking for computers to compromise via this vulnerability in Java, and at least three K-State computers have been compromised recently by this exploit. This vulnerability affects version 6 Update 23 or older of the Java Runtime Environment (JRE).
K-Staters need to:
- Update JRE in Windows to the latest version, which at the time of this writing is 6 Update 25 (Update 24 actually fixed the bug, so that version is safe too). You can get the latest version from Oracle’s Java website, or update it from the Java Control Panel in Windows.
- Configure Java to automatically check for and download updates in that same control panel. If configured for automatic updates, the Java icon will appear in your system tray (usually in the lower right corner of the screen) to alert you that an update needs to be installed.
If you need help, contact your IT support person or the IT Help Desk (785-532-7722, helpdesk@k-state.edu).
Java patching issues
Patching Java poses several challenges, though. For one, updating Java does not always remove the older, vulnerable version, thus leaving your computer potentially vulnerable.
However, some applications require a specific, older version of JRE, so you can’t always remove the older version before updating. Check with your IT support person to make sure the applications used by your department can work with the latest version of Java.
It’s also difficult for a user to recognize exactly what needs to be upgraded, since Java can be packaged and named in several ways (JRE, Java SE, JDK, Java VM, etc.).
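One way to check a list of installed-program names for leftover vulnerable Java copies, as an added example that is not part of the original advisory. The threshold (6 Update 23 or older) is the advisory's; the label formats handled and the sample inventory are constructed assumptions.

```python
import re

# Per the advisory: 6 Update 23 and older are affected; Update 24 fixed the bug.
LAST_VULNERABLE = (6, 23)

# Java ships under several names (JRE, Java SE, JDK, J2SE ...).
JAVA_HINT = re.compile(r"jre|jdk|j2se|java(?!script)", re.IGNORECASE)
# Internal version string, e.g. "1.6.0_23" (the major version is the second field).
DOTTED = re.compile(r"(?<![\d.])1\.(\d+)\.\d+(?:_(\d+))?")
# Marketing name, e.g. "Java(TM) 6 Update 23" or "... Environment 5.0 Update 22".
NAMED = re.compile(r"\b(\d+)(?:\.0)?(?:\s+Update\s+(\d+))?", re.IGNORECASE)


def parse_java_version(label):
    """Return (major, update) for a Java product label, or None if it is not Java."""
    if not JAVA_HINT.search(label):
        return None
    match = DOTTED.search(label) or NAMED.search(label)
    if not match:
        return None
    # A label without "Update N" is the base release, i.e. update 0.
    return int(match.group(1)), int(match.group(2) or 0)


def audit(labels):
    """Return (label, version, vulnerable) for every Java entry in the inventory."""
    findings = []
    for label in labels:
        version = parse_java_version(label)
        if version is not None:
            findings.append((label, version, version <= LAST_VULNERABLE))
    return findings


# Constructed sample: names as they might appear in a list of installed programs.
SAMPLE_INVENTORY = [
    "Java(TM) 6 Update 25",
    "Java(TM) 6 Update 17",  # older copy left behind after updating
    "Java(TM) SE Development Kit 6 Update 21",
    "J2SE Runtime Environment 5.0 Update 22",
    "jre1.6.0_24",
    "Adobe Reader 9",
]

if __name__ == "__main__":
    for label, version, vulnerable in audit(SAMPLE_INVENTORY):
        status = "VULNERABLE" if vulnerable else "ok"
        print(f"{status:10} {version[0]} Update {version[1]:<3} {label}")
```

A machine is only clean when no entry is flagged; a current JRE next to a flagged one still leaves the old version available to applications.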
More safety steps
- Update Java on your home computer(s) too.
- Update your Adobe products, since criminals target vulnerabilities in those products as well.