For those who still use Java, a Critical Patch Update that has 19 new security fixes for Oracle Java SE has been released. In addition, with this release, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not available by default. In addition, the protocol is removed from the Java Control Panel advanced options, although it can be re-enabled manually.
With the usual warnings about pre-checked extras, the update can be obtained from here: Java SE 8u31 (http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html).
Additional details are available in my blog post: Oracle Java Critical Security Update (http://securitygarden.blogspot.com/2015/01/oracle-java-critical-security-update.html)
Beware of Ask.com (https://www.java.com/en/download/faq/ask_toolbar.xml) toolbar infections.
Thank you, Corrine.
I installed it, and now I have these things about Java in my Control Panel:
Java 8 update 31
Java 8 update 40
Java SE Development Kit 8 update 40
Should I uninstall the oldest Java? And what is the Development Kit?
And something else: Should I run the Microsoft Fix it to disable Java every time I update Java?
Java SE JRE8u40 was not a security update. It has "bug fixes and new features" but the security baseline is Java SE JRE8u31. The next security update is scheduled for April 15. Anyway, Panos, you don't need the Development Kit unless you plan on developing applications for Java. As long as you have Java 8 Update 40 installed, go ahead and uninstall both of the following:
Java 8 update 31
Java SE Development Kit 8 update 40
As to running the Microsoft Fix it, for IE, I don't see what that is necessary. If you don't need Java very often, you can disable it in both Firefox and Pale Moon. Then, when a program/website you are using prompts for Java, you can enable it via the plugin.
Click the Firefox and/or PaleMoon tab --> Add-ons --> Plugins
Select the Java (TM) Platform plugin and click Disable (if the button displays Enable then Java is already disabled)
Close the tab.
Ok, I uninstalled them.
I have already disabled the plug in in Pale Moon and IE. But every time I had to install an update I was running the Microsoft Fix it to disable Java. Anyway, I didn't run it this time.
What about IE Java block (32 and 64 bit) Shim? I suppose they have to do with the Fix it in IE?
As far as I know, yes, but, looking at How to disable the Java web plug-in in Internet Explorer (http://support.microsoft.com/kb/2751647) again, I see it hasn't been reviewed in some time and IE11 is not listed.
You can also disable Java via the Control Panel. See How do I disable Java in my web browser? (http://www.java.com/en/download/help/disable_browser.xml).
Thank you. :rose: