Skip to main content

IT News

Java Version 7 is Vulnerable to Malicious Attacks

On January 10, the United States Computer Emergency Readiness Team (US-CERT) released an advisory that Java 7 Update 10 contains “a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.” Java is a programming language and is part of the underlying technology that drives many of today’s computer programs, including WVU enterprise systems. WVU users may continue to use Java version 6, which does not have this vulnerability.

Scammers can exploit this vulnerability to gain unauthorized access to personal data through spam and phishing email. Alex Jalso, director of information security services and interim director of project management, suggests, “If you receive a suspicious email containing unknown links in the body of the message, do not click on the link, do not reply, and forward the message as an attachment to defendyourdata@mail.wvu.edu. After that, delete the email from your inbox.”

Oracle just released a software update (Update 11) to address the Java 7 vulnerability. Staff that support WVU enterprise systems are reviewing the update for compatibility and more communication will follow as they complete testing.

Kate Hazen, assistant vice president for administrative technology solutions, said, “Users should be alerted that some browser vendors like Firefox are attempting to automatically disable your Java plugin. At this time, the WVU enterprise systems need the Java plugin to remain enabled and the version to remain at version 6.”

For instructions on how to re-enable plugins, please contact the OIT Service desk at 293-4444 or email oithelp@mail.wvu.edu.