Emergency Java Fix for 50 Flaws Released

Update 13 for Java 7 and Update 39 for Java 6 were released today by Oracle. The security update, which was originally scheduled for February 19, was pushed through today because the vulnerabilities in question were being actively exploited in the wild.

"After receiving reports of a vulnerability in the Java Runtime Environment (JRE) in desktop browsers, Oracle quickly confirmed these reports, and then proceeded with accelerating normal release testing around the upcoming Critical Patch Update distribution, which already contained a fix for the issue," said Oracle in the company's security update release blog. "Oracle felt that, releasing this Critical Patch Update two weeks ahead of our intended schedule, instead of releasing a one-off fix through a Security Alert, would be more effective in helping preserve the security posture of Java customers."

Today's security update addresses 50 security issues: 44 found in the client-deployed versions of Java, three in the client and server deployments of Java, two in the server-related Java Secure Socket Extension (JSSE) and one in the installation process of the Java Runtime Environment.

Breaking it down, that means all but the installation error can be remotely exploited if unpatched, and, according to Oracle's Java SE Risk Matrix, 35 of the flaws scored a 10.0 -- the highest severity score possible for vulnerabilities based on the ease of exploitation.

For those running Windows, it is recommended that you uninstall the earlier versions of Java before updating.

Apple took steps to protect its Mac OS users yesterday by "blacklisting" all current versions of Java. This means that until an updated version of Java is released, which Apple distributes to Mac customers, the use of the Web plugin will be disabled.

Apple has yet to release information on when the updated version of Java will be available for Mac users.


About the Author

Chris Paoli is the site producer for and

