The risk of using an unpatched version of Java depends on how you use it. If it’s only used to run specific, business-related software, the risk is low. By far the biggest risk is Java code that arrives on your computer by way of compromised web sites, or in email.
Java’s newer, built-in security features make it less of a risk than in years past, but risk remains. As a rule, it’s best to keep Java up to date.
If Java is installed on your Windows computer, you’ll see an entry for it in the list of installed software in the Control Panel or Settings. You should also see an applet in the Control Panel for Java, which you can use to both check which version is installed, and update it if necessary.
To get to the Control Panel in Windows 10, click the Start button, then start typing “control panel”. You should see it in the search results as you type. Click the search result to get there.
Security risks arising from the use of older versions of Java are not as scary as they once were, since most current web browsers no longer support Java. The notable exception is Internet Explorer 11, which still supports the Java NPAPI plugin. Still, it’s best to keep Java up to date if it’s installed.
The easiest way to both check whether you have Java installed and see which version you’re running is to go to the Windows Control Panel. On Windows 7 and earlier, the Control Panel is accessible via the Start menu. On Windows 8.1 and 10, Microsoft annoyingly hid the Control Panel, but you can find it by clicking the start button and entering the text “control”. In the list of search results, you should see “Control Panel”. Click that to get to the Control Panel.
If Java is installed, you’ll see its Control Panel entry: Java (32-bit). Once you’ve clicked that, you’ll see the multi-tab Java applet. To see which version is installed, go to the Java tab and click View... The Product column shows the version. If it shows as “1.8.0_271“, that means you’re running Java 8 Update 271. Click Cancel to close that dialog.
To update Java, go to the Update tab and click the Update Now button. Follow the prompts to download and install the latest applicable version.
There are eleven Java vulnerabilities listed in the advisory, all of which may be remotely exploitable without authentication (exploited over a network without requiring user credentials).
This is a good time to check whether your Windows computers have Java installed, and either update it, or remove it completely if it’s no longer required.
If you’re not sure whether you need Java, you might as well remove it. If you subsequently encounter an application or web site that doesn’t run properly without Java, it’s easy enough to simply reinstall Java from the main Java download page.
The simplest way to check whether Java is installed is to open up the Windows Control Panel and look for a Java (or Java 32-bit) entry. If you see one, open that and navigate to the About tab.
To update Java, you can use the Update tab of the Java Control Panel applet, or just head to the main Java download page.
At this point, most folks probably don’t need Java. Which is good, because it’s still a target for malicious hackers. If you don’t actually need Java, it’s a good idea to remove it completely from your computers.
You can check whether Java is installed by opening the Windows Control Panel and looking for a Java entry. On my Windows 8.1 computer, it looks like this: . If you can’t see a Java entry in the Control Panel, try changing View by to Small icons. If you still can’t see it, Java probably isn’t installed. To find the Control Panel on Windows 10, press the Windows key, then type ‘control’. You should see Control Panel in the search results.
You can also double-check by opening Programs and Features in the Control Panel. Search the Programs and Features list for ‘java’.
If you’re not sure whether you still need Java, uninstall it, then if something stops working, you can always reinstall it.
If you do need to keep Java around, to run old Java applications and games, access ancient Java-enabled web sites, or use work-related resources you have no control over, it’s best to keep it up to date.
The Java Control Panel will let you see the currently installed version, and provides a link to download and install the newest version.
These days the only mainstream web browser that still supports Java is Internet Explorer. If you use Internet Explorer with Java enabled, keeping Java up to date is critical.
But even if you don’t use IE with Java, if Java is installed on your computer, it’s a good idea to keep it up to date. If you’re not sure, look for a Java entry in the Windows Control Panel. Open it and click the About button on the General tab to check the installed version. If it’s not up to date, go to the Update tab and click the Update Now button.
If you still use Java, and particularly if Java is enabled in Internet Explorer, it’s important to keep it up to date. Security vulnerabilities in Java are still a somewhat popular target for malicious hackers and malware purveyors.
If you’re not sure whether Java is even installed on your computer, look for a Java entry in the Windows Control Panel. If you see one, Java is installed. The Java Control Panel has an Update tab that allows you to check for pending updates and install the latest version.
You can check whether Java is enabled in Internet Explorer by using that browser to visit Oracle’s Verify Java Version page.
Oracle issues quarterly updates for a wide range of software products, and that includes Java. The July 2019 update describes ten security vulnerabilities that are addressed in the latest version of Java, 8 update 221.
Oracle’s quarterly Critical Patch Update for Q2 2019 documents vulnerabilities and updates for its entire product line. As usual, it’s the updates to Java that are important to most users.
The Patch Update details five distinct security vulnerablities in Java 8 Update 202 and earlier versions. A new release, Java 8 Update 211, addresses these vulnerabilities. The new version includes numerous other changes, most of which are of little interest to anyone aside from developers.
Keeping Java up to date is less urgent than in the past, since most of the major web browsers stopped supporting it in recent years.
If you do use a web browser with Java enabled, which is still possible with Internet Explorer and older, unsupported versions of many other browsers, you should make sure to install the new version as soon as possible.
The simplest way to update Java is to head to the Windows Control Panel, look for the Java icon, and — if you see one — open it, then go to the Update tab and click the Update Now button. Follow the prompts to complete the process.
These advisories cover a lot of Oracle software, most of which is likely of very little interest for ordinary users. But buried in each of these reports you’ll usually find a reference to a new version of Java.
It’s increasingly unlikely that you have a shared Java installation on your Windows computer. You may run Java applications, such as Minecraft and some network and Internet tools, but these often include their own, separate installs of Java now.
The easiest way to see whether you have a shared install of Java on your Windows 7 or 8.x computer is to go to the Control Panel and look for a Java entry. If you see one, open it up and go to the Update tab, then click the Update Now button. If there’s an update available, you’ll be able to install it from there.
You can also visit the Verify Java Version page, but unless you’re using Internet Explorer, it won’t be able to tell you if you’re even running Java. If you’re on Windows 10, that’s also the easiest way to check your version.
If you use Java, I encourage you to update it as soon as it’s convenient. Java is not the target it once was, but it’s still a good idea to reduce your exposure to Java-based threats by keeping it up to date. The only web browser that officially still supports Java is Internet Explorer. If you use Internet Explorer with Java enabled, you should update Java immediately.
The easiest way to check your Java version and download the latest is to go to the Windows Control Panel, open the Java applet, click the Update tab, then click the Update Now button. If you’re already up to date, you’ll see a message to that effect.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.