java exploit

Microsoft Security Essentials  caught java exploit as  part of the scan, I am really worried. should I remove java from my computer? do I need it ? is there a legitimate version  that I can download and how do I know what I have is a clean program . please help
Exploit-2.JPG
Java-Exploit.JPG
Basem KhawajaClinical PharmacistAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dpearsonCommented:
Yeah just update to the latest version:
java.com/download

You probably have an old version which has a potential exploit.  These are generally mostly theoretical risks, but it's best to update to be sure.

Doug
0
jcimarronCommented:
basemkhawaja64 --
The latest version of Java  is  Version 7 Update 67 .  You can see what version you now have from Control Panel|Programs and Features.
0
JohnBusiness Consultant (Owner)Commented:
Also, I do not recall seeing standard Java programs by that name. I think you should let Security Essentials deal with the threat, uninstall Java, and then go to www.java.com to get version 67. Download the full X86 version for windows and install it.

Make sure Security Essentials has scanned your whole system.

I have MSE on a couple of virtual machines with Java V67 and no threats coming up.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

jcimarronCommented:
basemkhawaja64 --
I should have added the following to my post above.
Since I expect you will be manually installing the latest version of Java, you should uninstall the old version.  Java offers an uninstaller tool.  This should avoid conflict between the old and new versions.
http://www.java.com/en/download/faq/uninstaller_toolinfo.xml

In the future you can set Java up to tell you when new versions are available.  Control Panel|Java|on the Java Console|Update tab, click Check for Updates Automatically.  Use the Notify me drop down menu to choose what you want Java to do with the Updates.  Click Apply|OK

To download the latest version of Java the download page is
http://java.com/en/download/manual.jsp
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CEHJCommented:
Also, I do not recall seeing standard Java programs by that name. I think you should let Security Essentials deal with the threat, uninstall Java

Those aren't programs, they describe the vulns that version of the JRE contains:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2460

Also, i'd personally uninstall Java before letting any AV app have its way with it or it can create a broken install. Actually that goes for any malware.

Description: This program is dangerous and exploits the computer on which it is run

What they mean is that it COULD exploit it. That however is no cause for complacency - the JRE is now the commonest attack vector against Windows boxes
0
Mike SunSenior Systems Engineer (IBM - retired)Commented:
It's worth checking if you really need Java to be installed. If not, it's best to simply remove it as a high proportion of malware comes through as exploits of Java vulnerabilities.

If Java is essential (a somewhat uncommon case these days), then make sure Java is kept up to date to minimise any security loopholes...
0
JohnBusiness Consultant (Owner)Commented:
I see Java in use in several websites I use, so I keep it installed.

Also, I read that Java 7 is at end of service in October, so I have both of my own machines at Java 8 release 20 right now.
0
jcimarronCommented:
I believe Java 8 has several problems/bugs.  
If you run http://java.com/en/download/installed.jsp?detect=jre  you will see what version you have and if it is version 7 update 67 a Windows 7 user will be told that is the version Oracle recommends.
0
JohnBusiness Consultant (Owner)Commented:
There have been 3 releases of Java 8 and it is running smoothly on both my Windows 8 machine and on my Windows 7 machine. There were bugs in Java 7 as well. I think both versions conflict with some EMET settings but I have sorted that out as well.
0
jcimarronCommented:
John Hurst--
I do not dispute what works on your machines.  I just point out that Oracle does not seem to recommend Java 8--at least not on my Win 7 64 bit Ultimate OS.
0
Basem KhawajaClinical PharmacistAuthor Commented:
jcimarron
once again you are a genius. one question though. I selected before downloading  ,the other option was before installing for the notify me .... what is the difference , I did verify now I have java 7 update 67 vs., the old one was 55. My friend one more thing I am still having a problem with my pictures they are not deleted till I click f5 refresh I click delete they still remain in the folder. you had helped me on this problem previously u suggested to use windows I did but still the same thing happens.  thank you
0
Basem KhawajaClinical PharmacistAuthor Commented:
he is very smart
0
jcimarronCommented:
basemkhawaja64--
You are welcome.  It is always a pleasure to try to help you.
On the Java Console Update tab, the two options for Notify Me once you have checked Check for Updates Automatically are "Before Downloading" and "Before Installing".  The first means Java will notify you before downloading .  The second means Java will download but not install until you agree.  The downloaded file will be in your Download Folder (unless you have changed that).

I am not sure I understand your second question.  Are you talking about the .jpg screenshots you posted here?   Sometimes when you delete a file, the icon will still appear in the location it was before you deleted.  But it should not function if you try to open it since the content will, in fact have been deleted.   A reboot, or as you have done a refresh, will delete the icon.
0
Basem KhawajaClinical PharmacistAuthor Commented:
No it is not about the ones that I posted here but in my other picture folders although in some folders I have seen when I delete it it goes away which is what I expected.thank you
0
Basem KhawajaClinical PharmacistAuthor Commented:
Ok thx
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.