This JRE (version 7u51) will expire with the release of the next critical patch update scheduled for April 15, 2014.įor systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u51) on May 15, 2014.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. The JRE expires whenever a new release with security vulnerability fixes becomes available. Running unsupported operating systems, particularly one as prevalent as Windows XP, create a very significant risk to users of these systems as vulnerabilities are widely known, exploit kits routinely available, and security patches no longer provided by the OS provider.JRE Security Baseline (Full Version String)įor more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer. Oracle also recommends Windows XP users to upgrade to a currently-supported operating system. Oracle recommends that home users visit to ensure that they run the most recent version of Java. 7 other Java SE client vulnerabilities receive a CVSS Base Score of 9.3 (denoting that a complete compromise of the targeted client is possible, but that that access complexity to exploit these vulnerabilities is “medium.”) All in all, this Critical Patch Update provides fixes for 17 Java SE client vulnerabilities, 1 for a JSSE vulnerability affecting client and server, and 2 vulnerabilities affecting Java client and server. This score affects a single Java SE client vulnerability (CVE-2014-4227). The highest CVSS Base Score for the Java vulnerabilities fixed in this Critical Patch Update is 10.0.
This Critical Patch Update provides 20 additional security fixes for Java SE.
0 kommentar(er)
