Oracle Java Critical Security Update

Corrine · Apr 16, 2014

If you still have Java installed, it is time to update!

Oracle released the scheduled critical security updates for its Java SE Runtime Environment software. Oracle reported that Java SE does not include OpenSSL and, therefore is not affected by HeartBleed and CVE-2014-0160. For Oracle products that are affected, see OpenSSL Heartbleed Vulnerability CVE-2014-0160.

This is a Critical Patch Update that contains 37 fixes for Java, 35 of which Oracle indicated can be exploited by an attacker without the need for authentication. Additional details about the update are available in my blog post here.

Download Link: Java Version 7 Update 55

Warning: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Will Watts · Apr 16, 2014

Updated. Supposedly Java is meant to notify me about updates, but it doesn't seem to do so very regularly - I was still running Java 7 Update 51.

Corrine · Apr 16, 2014

Java 8 was released last month, compatible with Windows Vista, Windows 7 and Windows 8. However it is not compatible with Windows XP. (See Oracle Java SE 8 Released) Anyone who updated to Java 8 needs to get the security updates as well. If you elect to update to JRE SE 8, be sure to check that version 7 has been removed. If not, uninstall it.

Search

Search

Oracle Java Critical Security Update

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Will Watts

Senior Administrator, Security Analyst

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Oracle Java Critical Security Update

Corrine

Administrator, Microsoft MVP, Security Analyst

Will Watts

Senior Administrator, Security Analyst

Corrine

Administrator, Microsoft MVP, Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst