Advisory: Oracle Java Vulnerabilities – Reference No. 59470

We are making changes to the way Java is installed on the Managed Desktop/Laptop which means it will no longer be available automatically but you will be able to install the app from the ‘Apps on Demand’ folder. This does not apply to the CLT Desktop (IT Suites and teaching rooms).

We are aware that there are security concerns with several version of Java.For this reason it has been decided that from Wednesday, 13th March, 2013, Java JRE will no longer be automatically installed as part of the Managed Desktop/Laptop build. Instead, an app to install Java will be available in the ‘Apps on Demand’ folder for Users to self-install. This is version 7, update17, which at the time of writing is the latest version and recommended. We will continue to update the version based on advice from JANET CERT.

You should only install Java if a business or teaching application requires this. One example of an application that requires Java is PECOS.

This will only affect devices that are built from today.

For those that have Java already installed you can also protect yourself by disabling Java in your browser and re-enabling it when you need it.

Disable Java in Internet Explorer:

1. Open Internet Explorer.

2. Type ALT + T to activate the Tools menu and choose Manage Add-ons.

3. Choose “All add-ons” from the Show drop-down menu.

4. Disable all items that begin with Java

5. Close Internet Explorer.

Disable Java in Firefox:

1. Open Firefox and click the Firefox tab -> Add-ons

2. Choose the Plugins tab

3. Disable all items that begin with Java

4. Close Firefox.

More general advice about Java vulnerabilities is available from the following links:

http://www.kb.cert.org/vuls/id/688246

http://answers.uchicago.edu/page.php?id=28585

HELP & ADVICE

If you have any questions or concerns about this work please contact Service Desk quoting reference number 59470.

Leave a Reply

Your email address will not be published. Required fields are marked *