Java 7 Alert - Java 7 Vulnerability

Printer-friendly version

Please Note: All Pace users should be using Java 6 with Pace systems.  Using Java 7 at this time will cause compatibility issues with Pace systems.

Java 7 Alert - Java 7 Vulnerability (Java 6 Download Instructions for Pace Use)

In October 2012, a vulnerability was discovered which affects Java 7 (1.7.0 Update 6).  The vulnerability allows malicious code to be run on a system.  This can occur by visiting a maliciously crafted web page using a web browser that has the Java plug-in enabled. Oracle had released an official patch that was to resolve that vulnerability issue.  However, a more recent article indicates that the vulnerability has not been resolved.  To view the article found on CNN Tech, click the following link: Critical Java vulnerability due to incomplete earlier patch.

At this time, Pace DOES NOT recommend using Java 7 since it is not yet supported by our system vendors for applications such as Kronos and Banner.  Pace is currently supporting Java 6 for use with Pace systems.  Using other versions at this time will cause compatibility issues and/or security issues.  Below are instructions for obtaining and setting up any configuration settings necessary for the supported version.

Instructions for downloading and using Pace-supported Java 6 for Pace Systems

What Version Do I Have?

  1. Click Start and select Control Panel
  2. Click Java and then select About (You will see the current version of Java that you are running listed in this window. If you are using Java 6 continue to the Configuring Auto Updates to be Disabled so Java will not auto-update (Recommended) section below)
  3. If you are using any version of Java 7 uninstall it using the instructions below:

a.       Click Start and select Computer
b.      Select Uninstall or change a program
c.       Click Java 7 and press Uninstall

Installing Java 6 (Be sure to close all browsers prior to installation.)

  1. Go here: http://www.java.com/en/download/manual_v6.jsp
  2. Click on Windows Offline (32-bit) or click http://javadl.sun.com/webapps/download/AutoDL?BundleId=71310
  3. Click Save and then Run the file
    IMPORTANT: In the following 3 steps, be sure to uncheck any boxes that say “Include this software” before clicking Next.
  4. Click Install and clickClose

Configuring Auto Updates to be Disabled so Java will not auto-update (Recommended)

  1. Click Start and select Control Panel  and select Java
  2. Click the Update tab
  3. Uncheck Check for Updates Automatically
  4. Click Never Check

Enabling Java 6 on Firefox

  1. Open Firefox
  2. A message will appear notifying you of the Java program installation, check the Allow This Installation boxand click Continue and then selectRestart Firefox
  3. Click Tools or the Firefox tab on the upper left hand of the screen and select Add-ons
  4. Click Plugins from the left and search for Java(TM) Platform SE 6 U38 6.0.380.5
  5. Click Enable (Note: If it says Disable, that means it is already Enabled)

NOTE: The below error message will appear each time you log into either Kronos or Banner, click the little block to enable the plugin. This message will appear because Java 6 is not the newest Java available, which is Java 7.  Java 7 contains security vulnerabilities, and does not currently work on Pace systems.

If there are any issues, please contact the ITS Help Desk at (914) 773-3333 (pacehelpdesk@pace.edu) or online at http://help.pace.edu.