Oracle Java SE Critical Security Update

[Corrine]

Oracle released the scheduled critical security updates for its Java SE Runtime Environment software. The update contains 32 new security fixes for Oracle Java SE. 28 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Update

If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Download link: Java SE 8u141

Verify your version: http://www.java.com/en/download/testjava.jsp
________________
Java SE 8u131 Update Release Notes
Oracle Critical Patch Update - July 2017

 

[Corrine]

Out-of-Band Java SE Update

Oracle released an out-of-band update for its Java SE Runtime Environment software. The update contains bug fixes for Oracle Java SE.

Update : If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.


Download link: Java SE 8u144

Verify your version: http://www.java.com/en/download/testjava.jsp

Java SE 8u144 Update Release Notes

 

[x BlueRobot]

The Java version verification page will only work if your browser has NPAPI support.

 

[plodr]

I don't have Java installed so I can't test this method. Can someone who does have it installed see if this will work, please?
1. Open a cmd window (run as administrator).
You can type cmd in the search/run box. When you see cmd.exe right click and select run as administrator.
2. Type this

java -version

Note the space between java and the dash.
3. You should either see the version or, if not installed, 'java' is not recognized as an internal or external command, operable program or batch file.

 

[x BlueRobot]

Please find the output of the command on my system below:

java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)

I didn't have to run an elevated command prompt either.

 

[plodr]

Thanks for testing this. :thumbsup2:

 

[Digerati]

Update : If Java is still installed on your computer...

If Java is still installed on your computer, I recommend you uninstall it and see if anything breaks. Odd are, nothing will and you can leave it off and have peace of mind this highly and constantly vulnerable program won't put your computer or its users in jeopardy again. I removed it over 2 years ago and nothing I use broke.

If, on the slim chance you do still have some obscure program that needs Java, you will simply be prompted to install it again and at that point, you know at least you have the latest [and hopefully most secure - for now] version. That said, if you do still have some program that needs Java, I recommend you look around for an alternative program that doesn't.

 

[x BlueRobot]

I personally have Java applets disabled for any installed browsers and only allow Java for desktop programs. I only use the Java runtime environment for writing Java programs.

https://www.java.com/en/download/help/disable_browser.xml

 

[Digerati]

and only allow Java for desktop programs.

I personally removed Java from all my systems about 2 years ago (once Minecraft for my grandson upgraded to a sans Java version) and have not encountered a program since that needed it. I recommend everyone remove it and see what happens. Chances are, you don't need it. The following shows how to remove it too.

Java is Insecure and Awful, It’s Time to Disable It, and Here’s How

 

[Sysnative Windows Update]

Unfortunately, I have to use it for my e-banking. All banks in Croatia enforce it and we cannot avoid using Java.

 

[Digerati]

That is too bad. I for sure would disable it and only enable it again when banking, then quickly disable it again.

 

[x BlueRobot]

That is too bad. I for sure would disable it and only enable it again when banking, then quickly disable it again.

There's no need to, you can configure a Java whitelist for websites you wish to allow to run Java content.

 

[Digerati]

There's no need to, you can configure a Java whitelist for websites you wish to allow to run Java content.

This is true. But that is a lot of hand-holding that for many is more hassle than worthwhile. Considering Java is specifically targeted because it is known to be such a security risk, I see no reason to leave it enabled when not needed.

If me, I would contact those banks and other sites claiming you need Java and urge them to get with the times.