{"id":1119,"date":"2013-02-22T11:29:49","date_gmt":"2013-02-22T16:29:49","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=1119"},"modified":"2013-02-22T11:29:49","modified_gmt":"2013-02-22T16:29:49","slug":"oracle-releases-new-java-fixes-speeds-up-patching-cycle","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/02\/22\/oracle-releases-new-java-fixes-speeds-up-patching-cycle\/","title":{"rendered":"Oracle releases new Java fixes, speeds up patching cycle"},"content":{"rendered":"

\"\"<\/a><\/p>\n

Oracle releases new Java fixes, speeds up patching cycle
\nOracle released new Java security updates on Tuesday and announced plans to accelerate the release of future Java patches following recent attacks that have infected computers with malware by exploiting zero-day vulnerabilities in Java browser plug-ins.
\nThe new updates, Java 7 Update 15 and Java 6 Update 41, address five additional vulnerabilities that couldn’t be included in the emergency Java update that Oracle released on Feb. 1 due to time constraints. At the time, Oracle broke out of its scheduled 4-month Java patching cycle in order to patch a vulnerability that was being actively exploited by hackers.
\nFour of the five vulnerabilities addressed in the Tuesday updates can be exploited through Java Web Start applications on desktops and Java applets in Internet browsers, Eric Maurice, Oracle’s director of software assurance, said Tuesday in a blog post.
\nThree of those four vulnerabilities received the highest rating on the Common Vulnerability Scoring System scale — 10 — which means they are critical and can be exploited to completely compromise the confidentiality, integrity, and availability of systems where Java runs with administrator privileges, such as Windows XP. On systems where Java does not run with administrative privileges, such as Linux or Solaris, the impact is lower, Maurice said.
\nThe fifth vulnerability affects server deployments of the Java Secure Socket Extension (JSSE) and stems from the Lucky Thirteen attack against SSL\/TLS implementations that security researchers disclosed earlier this month.
\nEven though the new Java 6 Update 41 is available for download from Oracle’s website, it is not available from Java.com and must be obtained manually. The updating feature in Java 6 installations will prompt users to download and install Java 7 Update 15.
\nThis was a planned move from Oracle, which previously announced on its websitethat it will “start auto-updating all Windows 32-bit users from JRE 6 to JRE 7 with the update release of Java, Java SE 7 Update 15 (Java SE 7u15), due in February 2013.”
\nOracle will speed up its patching cycle for Java. “Oracle’s intent is to continue to accelerate the release of Java fixes, particularly to help address the security worthiness of the Java Runtime Environment (JRE) in desktop browsers,” Maurice said.
\nThe next scheduled Critical Patch Update for Java SE will be released on April 16, two months from now instead of four, and will come at the same time as the Critical Patch Update for Oracle’s non-Java products. The next Java patch update after that is scheduled for June 18.
\nvia Oracle releases new Java fixes, speeds up patching cycle | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Oracle releases new Java fixes, speeds up patching cycle Oracle released new Java security updates on Tuesday and announced plans […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[341,583,782],"class_list":["post-1119","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-exploit","tag-java","tag-oracle"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-i3","jetpack-related-posts":[{"id":5980,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/15\/future-java-7-security-patches-will-work-on-windows-xp-despite-end-of-official-support\/","url_meta":{"origin":1119,"position":0},"title":"Future Java 7 security patches will work on Windows XP despite end of official support","author":"NCCT","date":"July 15, 2014","format":false,"excerpt":"Oracle has dispelled rumors that the upcoming security update for Java 7 and those it will release in the future might not work on Windows XP. \u201cWe expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7766,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/03\/10\/playing-minecraft-no-longer-makes-your-pc-a-juicy-target-for-hackers\/","url_meta":{"origin":1119,"position":1},"title":"Playing Minecraft no longer makes your PC a juicy target for hackers","author":"NCCT","date":"March 10, 2015","format":false,"excerpt":"The folks at Microsoft-owned Mojang just gave PC users one more reason to uninstall Java from their systems. The Minecraft launcher for PC now installs and manages its own instance of Oracle\u2019s software. The version of Java the new Minecraft launcher uses is contained within the game\u2019s directory\u2014meaning you no\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5916,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/08\/attack-on-dailymotion-redirected-visitors-to-exploits\/","url_meta":{"origin":1119,"position":2},"title":"Attack on Dailymotion redirected visitors to exploits","author":"NCCT","date":"July 8, 2014","format":false,"excerpt":"Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware. The rogue code consisted of an iframe that appeared on Dailymotion on June 28, researchers from security vendor Symantec said Thursday in a blog post. The iframe redirected browsers to\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6231,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/11\/microsoft-to-issue-many-windows-patches\/","url_meta":{"origin":1119,"position":3},"title":"Microsoft to issue many Windows patches","author":"NCCT","date":"August 11, 2014","format":false,"excerpt":"Microsoft has released their advance notification for the August 2014 Patch Tuesday updates. There will be a total of nine updates issued next Tuesday, August 12, two of them rated critical. The two critical bugs affect Windows and Internet Explorer. The critical Windows update affects only business and professional editions\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8617,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/09\/11\/the-first-monthly-android-security-updates-start-rolling-out-for-nexus-devices\/","url_meta":{"origin":1119,"position":4},"title":"The first monthly Android security updates start rolling out for Nexus devices","author":"NCCT","date":"September 11, 2015","format":false,"excerpt":"Google has delivered on its promise to release monthly security updates today, with the first of said updates now rolling out to nearly all Nexus devices released in the past three years. The updates haven't been given their own Android version number, with Google instead opting to simply change the\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5710,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/10\/microsoft-pushes-out-massive-security-update-for-internet-explorer\/","url_meta":{"origin":1119,"position":5},"title":"Microsoft pushes out massive security update for Internet Explorer","author":"NCCT","date":"June 10, 2014","format":false,"excerpt":"Microsoft pushes out massive security update for Internet Explorer Six down, six to go. Today is the Microsoft Patch Tuesday for June, and it comes with seven new security bulletins. The good news is that five of the seven are only rated as Important, but one of the two Critical\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=1119"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1119\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=1119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=1119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=1119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}