On Friday, January 11, a new vulnerability in Oracle Java software was announced. The issue allows malicious sites to install malware that could be used to steal an individual’s identity. Oracle has released an update for the vulnerability. The problem only affects Java Version 7.

University IT and URMC Information Systems Division will be pushing Java Version 7 Update 11 to managed systems. For systems that are not managed, a manual update to the Java software is strongly recommended. Instructions on how to check the version of Java you are running and how to update (if necessary) are available at www.rochester.edu/it/security/computer/javazeroday.