Oracle has released an update addressing security holes in Java. The update addresses remotely exploitable vulnerabilities that do not require authentication.
The IT Security Office advises applying the updates as soon as possible.
JDK and JRE 7 Update 15 and earlier
JDK and JRE 6 Update 41 and earlier
JDK and JRE 5.0 Update 40 and earlier
Released: March 4, 2013
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.