University of Vermont

Information Technology

Java Security Alert

A security flaw that allows hackers and criminals to take control of computer workstations (desktop and laptop) has been reported and publicized.  Many Windows workstations are vulnerable, and it is easy to take advantage of the flaw.  The problem is in Java, which is developed and maintained by Sun (now owned by Oracle) and is installed to support browsers such as Internet Explorer and Mozilla Firefox.  All that's needed to infect a vulnerable computer is to visit a malicious web page.    

This flaw is rated as the highest possible vulnerability because most personal computer systems are set for the user to operate with administrative privileges, which gives the exploit full control of the workstation.

The vulnerability is present in Windows XP, Windows 7, Vista, Windows 98, Windows 2003, Windows 2000, Windows 2008 Server, Windows ME, Solaris SPARC, Solaris x86, Red Hat Linux, SUSE Linux, JDS.  It is not present in Apple's OS X.

How to Tell if Your Computer is Affected


To determine if your server or workstation is vulnerable, go to http://www.java.com/en/download/help/testvm.xml
If your update version is 18 or 19, your system is vulnerable.  

The UVM Information Security Operations Team strongly recommends applying this update immediately if your workstation is vulnerable.

For most Windows workstations, the update is available through http://www.java.com/en/download/help/java_update.xml .

For updates for other types of workstations or servers, or for more information about the problem, refer to the following site and links to which it points:  http://blogs.oracle.com/security/2010/04/security_alert_for_cve-2010-08.html

If you have questions about the notice, or if you need help, please contact your college's or department's IT personnel, or contact the UVM Computing Help Line by phone at 802-656-2604 or online.
Contact UVM © 2014 The University of Vermont - Burlington, VT 05405 - (802) 656-3131