Service Restored: Java Vulnerability and Access to Campus Services

Last Updated: 01/22/2013
Login to subscribe

Start Date & Time

Fri, 01/11/2013 - 5:43pm

End Date & Time

Mon, 01/14/2013 - 11:38am

Description

Service Restored at 11:38 a.m., Monday, Jan. 14:  Oracle has released an update addressing the Oracle Security Alert for Java. These vulnerabilities may be remotely exploitable without authentication (i.e., they may be exploited over a network without the need for a username and password). To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities. The IT Security Office advises applying the update as soon as possible. To learn more, visit the 1/14/13 OIT Security Notice regarding the Java Updates:  https://www.colorado.edu/oit/java-update-1-14-2013.

Applying the update will address the issues with campus Juniper Network Connect VPN (located at https://cuvpn.colorado.edu). Once the patch is applied, those who use Macs and those who use Firefox to access the VPN will again be able to connect to it.

Service Issue Reported at 5:45 p.m., Friday, Jan. 11:  A security vulnerability in Java 7, that is currently being exploited, has led a number of software providers to disable the Java plug-in. At this time Apple and Mozilla (makers of the Firefox browser) have disabled Java in their software. This directly impacts the campus Juniper Network Connect VPN (located at https://cuvpn.colorado.edu) and as a result, Macs and those who use Firefox to access the VPN are currently unable to connect to it.

Malicious attackers are using the exploits to turn compromised websites into platforms for silently installing malicious software. So using caution when visiting websites is advised. OIT is continuing to investigate this problem in hopes that a workaround can be found for the VPN before Oracle fixes the issue. More information about the vulnerability, workarounds and fixes will be posted here as it becomes available.

Should you have questions, please call the OIT Service Center at 303-735-4357 (5-HELP from a campus phone) The Service Center is available as follow: Monday to Thursday 7:00 a.m. to 10:00 p.m.; Friday, 7:00 a.m. to 7:00 p.m.; and Saturday and Sunday, 12:00 noon to 6:00 p.m.