SolarWinds Cautions IT World to Deploy Effective Patch Management to Java-run Environments
February 5, 2013 No CommentsSOURCE: SolarWinds
AUSTIN, TX – February 5, 2013 – SolarWinds (NYSE: SWI), a leading provider of powerful and affordable IT management software, today reiterated a reminder to IT professionals on the importance of keeping all patches for third party applications up to date in light of the recent Java Runtime Environment (JRE) 7 vulnerabilities.
“In the past, patch concerns were primarily about fixing bugs in the product, but organizations not applying security patches to Windows, Flash, Java, and many other third party apps are now prime targets for infestations,” said Lawrence Garvin, SolarWinds Head Geek and patch management expert. “What’s more, all vulnerabilities have a history. And in the case of Java, it’s important to remember that only 18 of the issues identified since Java 7’s release are unique to Java 7.
“Of the 84 vulnerabilities identified since Java 7’s release, 66 of them also existed in Java 6, while 40 still exist in Java 5 and will never be fixed. The history of these vulnerabilities is an example that underscores the importance of diligent and continuous patch management in every business environment.”
Garvin said the press coverage around Java 7’s security issues may be influencing some organizations to fail to upgrade their Java 6 installations to Java 7, thinking that Java 7 is flawed, when in fact the entire core of the Java platform has vulnerabilities.
Oracle has announced that no new updates will be forthcoming for Java 6 after February 2013, so that any additional vulnerability discovered in Java 7 – and also existing in Java 6 – will never be patched after that time.
In an effort to help enable IT professionals to manage any exposure they may have to the JRE 7 vulnerability, SolarWinds recently updated SolarWinds Patch Manager, its patch management solution. Now, all IT professionals can fully deploy the latest Java Runtime Environment (JRE) 7 patch to their environments using the 30-day free trial version of this product.
How to Deploy the JRE 7 Patch Using SolarWinds Patch Manager
Step 1: Download the free 30-day SolarWinds Patch Manager evaluation.
Step 2: Configure SolarWinds Patch Manager using the Evaluation Guide
Step 3: For WSUS, approve the update for installation. For ConfigMgr, add the update to an existing Deployment Package.
For more information on the history of Java’s vulnerabilities and steps to manage exposure, check out Garvin’s blog post, “How Bad is the State of Java, Really?,” in PatchZone.org, a thwack community space for Microsoft and third-party patch updates, tips and peer-to-peer discussion.
Garvin also shared his findings with Brian Krebs of KrebsonSecurity, who validated the research and shared them in a blog post over the weekend, “Critical Java Update Fixes 50 Security Holes.”
About SolarWinds
SolarWinds (NYSE: SWI) provides powerful and affordable IT management software to customers worldwide from Fortune 500 enterprises to small businesses. In all of our market areas, our approach is consistent. We focus exclusively on IT Pros and strive to eliminate the complexity that they have been forced to accept from traditional enterprise software vendors. SolarWinds delivers on this commitment with unexpected simplicity through products that are easy to find, buy, use and maintain while providing the power to address any IT management problem on any scale. Our solutions are rooted in our deep connection to our user base, which interacts in our online community, thwack, to solve problems, share technology and best practices, and directly participate in our product development process. Learn more today at http://www.solarwinds.com/.
SolarWinds, SolarWinds.com and thwack are registered trademarks of SolarWinds. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.