UIT Alert: UIT Security Alert: Java Vulnerability
UIT Security Alert: Java Vulnerability
No services are affected by this event.
A vulnerability has been detected in Java that could allow a user visiting a malicious website to be infected by malware. The malware could potentially allow the attacker to install programs; view, change or delete data; or create new user accounts with full user rights. Oracle has issued security updates for Java to fix this issue. This vulnerability is currently being exploited, and users should take actions to protect their systems.
More detailed information about the vulnerability can be found at:
What UH is Doing
UIT Security has been monitoring information from Oracle, US CERT and other information security agencies. Working with campus IT administrators, we have been evaluating the impact to university systems and developing appropriate recommendations.
What You Should Do - Recommended User Actions
- Update the Java application to the current patch level regardless of what version of Java you are running (version 6 or version 7). Be aware that some campus applications are not compatible with Java version 7.
- Check to be sure that your systems are fully updated with the latest OS security patches, anti-virus and anti-malware updates. Make sure that you are also updating software such as Adobe, if installed.
- Be careful with all of the websites that you visit, and notify IT support staff immediately if you detect problems with your computer after visiting a site. Be sure your computer is set to alert you with pop-up messages before allowing applications to make changes your computer.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.