AUSTIN, TX--(Marketwire - Feb 5, 2013) - SolarWinds (
"In the past, patch concerns were primarily about fixing bugs in the product, but organizations not applying security patches to Windows, Flash, Java, and many other third party apps are now prime targets for infestations," said Lawrence Garvin, SolarWinds Head Geek and patch management expert. "What's more, all vulnerabilities have a history. And in the case of Java, it's important to remember that only 18 of the issues identified since Java 7's release are unique to Java 7.
"Of the 84 vulnerabilities identified since Java 7's release, 66 of them also existed in Java 6, while 40 still exist in Java 5 and will never be fixed. The history of these vulnerabilities is an example that underscores the importance of diligent and continuous patch management in every business environment."
Garvin said the press coverage around Java 7's security issues may be influencing some organizations to fail to upgrade their Java 6 installations to Java 7, thinking that Java 7 is flawed, when in fact the entire core of the Java platform has vulnerabilities.
Oracle has announced that no new updates will be forthcoming for Java 6 after February 2013, so that any additional vulnerability discovered in Java 7 -- and also existing in Java 6 -- will never be patched after that time.
In an effort to help enable IT professionals to manage any exposure they may have to the JRE 7 vulnerability, SolarWinds recently updated SolarWinds Patch Manager, its patch management solution. Now, all IT professionals can fully deploy the latest Java Runtime Environment (JRE) 7 patch to their environments using the 30-day free trial version of this product.
How to Deploy the JRE 7 Patch Using SolarWinds Patch Manager
Step 1: Download the free 30-day SolarWinds Patch Manager evaluation.
Step 2: Configure SolarWinds Patch Manager using the Evaluation Guide.
Step 3: For WSUS, approve the update for installation. For ConfigMgr, add the update to an existing Deployment Package.
For more information on the history of Java's vulnerabilities and steps to manage exposure, check out Garvin's blog post, "How Bad is the State of Java, Really?," in PatchZone.org, a thwack community space for Microsoft and third-party patch updates, tips and peer-to-peer discussion.
Garvin also shared his findings with Brian Krebs of KrebsonSecurity, who validated the research and shared them in a blog post over the weekend, "Critical Java Update Fixes 50 Security Holes."
SolarWinds, SolarWinds.com and thwack are registered trademarks of SolarWinds. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.