Security Advisor

Most Are Running Vulnerable Versions of Java

According to a Rapid7 researcher, only 38 percent of those running the Java Runtime Environment have updated to the newest version of the software -- and the number only reaches that high after a patch has been out for six months.

What's even scary is in the first month of a Java update, the adoption rate is below 10 percent.

What's so alarming about this? Take the latest news that code for successfully exploiting a Java flaw has been added to the well-known hacker toolkit called BlackHole. The vulnerability in question allows hackers to bypass Java's sandbox and load up an unsuspecting user's computer with malware.

However, there's an easy way to avoid this attack that has been seen running wild online: update your Java! The newest version of Java, which was released Feb. 15, will keep you protected from falling victim to this exploit. However, according to security researcher estimates, only a little more than 10 percent of you are protected.

Oracle needs to take a page out of Mozilla's book and silently push these updates to everyone on release. I'm pretty sure something as simple as an update to Java doesn't need the rigorous testing period that's reserved for "critical" Windows fixes.

Actually, speaking of Mozilla, it has blacklisted any outdated version of Java in its Firefox Web browser (I found this out last night. Apparently the Java on my home PC had evaded updates since last June.)

When do you update your Java? When a patch is released? When you remember? Want to shame me for being part of the 70 or so percent with an out-of-date Java? Let me know at

About the Author

Chris Paoli is the site producer for and


  • New Office App Coming to Windows 10 Users

    Microsoft is delivering a new Office app for Windows 10 consumer and business users over the new few weeks, according to a Wednesday announcement.

  • Microsoft Warns .NET Core 1.0 and 1.1 Losing Support in June

    Microsoft gave notice this week that .NET Core 1.0 and 1.1 will fall out of support on June 27, 2019.

  • Microsoft Publishes Windows Deadlines on Upgrading to SHA-2

    Microsoft on Friday described its 2019 timeline for when it will start distrusting Secure Hash Algorithm-1 (SHA-1) in supported Windows systems, as well as in the Windows Server Update Services 3.0 Service Pack 2 management product.

  • Performing a Storage Refresh on Windows Server 2016, Part 1

    To spruce up some aging lab hardware, Brien decided to make the jump to all-flash storage. Here's a walk-through of the first half of the process.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.