• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / Java 6 Update 20 Released Today

Java 6 Update 20 Released Today

2010-04-15 by Jason

To the surprise of System Administrators everywhere, Sun released a Java update today. Arriving only a week after Java 6 Update 19 was released, the update comes as a surprise to address an exploit found in Java by Tavis Ormandy, a researcher at Google. Apparently Ormandy managed to force Sun’s hand as they had replied to his responsible disclosure of the exploit saying that the exploit was not critical enough to force breaking the update cycle, which would have meant it would be addressed in the next scheduled update of July. Tavis Ormandy to the Full Disclosure mailing list:

Sun has been informed about this vulnerability, however, they informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle.

For various reasons, I explained that I did did not agree, and intended to publish advice to temporarily disable the affected control until a solution is available.

Within a few days of Tormandy’s public disclosure via the Full Disclosure mailing list, the exploit was seen in the wild as reported by Krebs on Security. With the exploit in the wild, doom-and-gloom came from multiple security-related sources from around the Internet. Apparently this was enough to convince Sun to address the problem with an emergency patch which came out today.

Java 6 Update 20 does not explicity state anything about patching the vulnerability in its Release Notes but it has been confirmed that the exploit’s proof of concept no longer works once you have installed the fix. Apparently the code to access javaws.exe (the source of the exploit) has been removed altogether, according to a researcher over Twitter.

You can check to see if you’re running the latest version of Java and download it from java.sun.com to get one without the Bing Toolbar. (One of many bloatware titles.)

After reviewing my previous article on how to deploy Java with Group Policy, I’ve pushed the update out to my users and all will be running the latest version upon the next restart.

Filed Under: Security and Privacy, Software, System Administration

Trending

  • Pressy, add a button to your Android
    In Hardware, Gadgets, and Products
  • Emerging Cyber Threats Report 2012 Published
    In Security and Privacy
  • Small business cyber security
    In Infographics

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Command line to take ownership and change permissions Command line to take ownership and change permissions
  • Creating and editing views in phpMyAdmin Creating and editing views in phpMyAdmin
  • Configure Outlook to recurring appointments for the last weekday of the month Configure Outlook to recurring appointments for the last weekday of the month
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business
  • Benefits of End-To-End Testing That Will Match Company Expectations Benefits of End-To-End Testing That Will Match Company Expectations
  • 3 Key Features of Pets Health Monitoring Systems 3 Key Features of Pets Health Monitoring Systems
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in