Office of Information Technology Newsletter

Serious Java Vulnerability Threatens AU Computers


At the beginning of the semester, the Office of Information Technology sent several messages to members of the AU community regarding actively exploited security flaws that had been discovered in the latest versions of Java, which is installed on most Windows, Apple and Linux computers. These flaws affected all versions of Java 1.7 and may affect earlier versions as well.

Oracle Corporation, the company responsible for Java, has released several updates to address these known vulnerabilities, so it is paramount to make sure you have the latest version installed, if in fact you need to use Java at all. Ultimately, it is critical to keep all of your software patched, and there are tools to help you do this.

Many people do not know that the exploitation of vulnerabilities in Java and Adobe Reader accounts for the majority of malware infections on AU computers. For that reason, unless you really need Java, you should uninstall it.

With Java enabled, computers are left vulnerable to attackers: malicious software can be installed without the user's knowledge through what is known as a "drive-by" attack, where the computer gets infected with malware simply by visiting a website that has been infected. It is important to recognize that there are NO safe websites. Recently, even NBC.com was infecting customers that had unpatched Java and Adobe products, as described in the article linked in the Related Links section.

Recommendations

  1. Uninstall Java, if you do not need it.
  2. Update Java to the Latest Version.
    • Open your web browser and go to http://www.java.com.
    • Click on the FREE JAVA DOWNLOAD button.
    • On the next page, click the AGREE AND START FREE DOWNLOAD button.
    • Once the Java download is finished, run the installation file to update your computer to the latest version of Java.
    • Important: The Java installer may try to install an unnecessary browser toolbar. You should uncheck the box for this toolbar, as it is checked by default.
  3. Disable Java in Your Web Browser: A good way to judge if you really still need to have Java installed is to disable it on your computer. Then, if you don't need it within the next 30 days, you know you are safe to uninstall it. A link to the instructions for unplugging Java from your web browser is in the Related Links section on the right.
  4. Don't click on web pop-ups, but close the window instead. If they won't close, open your process list and force your browser to close.
  5. Always watch for Java and Adobe update messages, so you can update as soon as any vulnerabilities are addressed. After you update, be sure to also remove any old versions that may still be installed.

Please note that JavaScript, which is commonly used on websites, is distinct from Java and is not affected by this vulnerability.

Please contact the IT Help Desk by phone at 202-885-2550, by e-mail at helpdesk@american.edu, or by instant messenger at AskAmericanUHelp for assistance, recommendations of tools to help you check your computer for out-of-date software, or further information.

