Future Java 7 security patches will work on Windows XP despite end of official support

Windows XP users will continues to receive Java 7 security updates until at least April 2015, Oracle says

By Lucian Constantin, IDG News Service |  Security

Oracle has dispelled rumors that the upcoming security update for Java 7 and those it will release in the future might not work on Windows XP.

"We expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the foreseeable future," said Henrik Stahl, vice-president of product management in the Java Platform Group at Oracle, in a blog post Friday.

"Security updates issued by Oracle will continue to be pushed out to Windows XP desktops," he said.

The next security updates for Java 7 will be released Tuesday and will address 20 security issues that can be exploited remotely without authentication. Some vulnerabilities to be patched in the update have the highest criticality rating (10.0) in the Common Vulnerability Scoring System, Oracle said in an advance notification.

Microsoft ended general support for Windows XP on April 8, leaving users of the 12-year-old OS without access to future security updates. As a result, Oracle announced earlier this year that it too will stop providing official support for Windows XP.

"Users may still continue to use Java 7 updates on Windows XP at their own risk, but support will only be provided against Microsoft Windows releases Windows Vista or later," the company said on its Java website.

Some people interpreted that to mean that future Java 7 updates will not work on Windows XP, which would have had serious security implications for the thousands of companies and organizations that still use the OS with or without custom support contracts from Microsoft.

However, the implications of Oracle's announcement is that customers who find issues on Windows XP need to replicate them on later versions of Windows in order to ensure that the company will develop a patch, Stahl said. If the issue only affects Windows XP "Oracle is not required to (and may be unable to) issue a patch or a workaround," he said.

Java vulnerabilities are frequently targeted by hackers in drive-by download attacks and past reports showed that Java is still widely used in enterprise environments where it's needed for a variety of business applications.

If Oracle had stopped issuing working Java 7 security updates for Windows XP, it would have forced users of the OS to run outdated and vulnerable versions of the software, but according to Stahl, that won't happen.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness