You are here

Jan 23, 2013 - Update on Java Zero-day Security Vulnerability

Further to our important bulk email notice sent on 14 Jan 2013 on the subject, we would like to keep our users updated of the situation while we would continue monitoring the case.

On 15 January 2013, our Internet firewall vendor has released a "software signature" to detect and guard against the stated Java vulnerability; and this update was applied to HKU's Internet firewall immediately.  Since then, PCs inside our campus network are protected against the known threats that would come from external Internet due to the stated vulnerability.

According to the latest announcement from CERT, "http://www.kb.cert.org/vuls/id/625617", Java 7 Update 11 should have addressed the vulnerability concerned. If you need to use the following Java-based services of HKU Portal or to gain access to other Java-based websites, you can enable Java in web-browsers after updating to 7u11 using its Java Control Panel.

- Departmental Inventory system (DIS)
- Financial Functions for Operational Staff (FFOS)
- Facilities and Space Management Information / Departmental Rooms Information
- Long leave application
- IHP facilities booking system
- CEDARS facilities (banner sites, rooms) booking system
- HKUSU rooms booking system

On the other hand, you need not enable Java in web-browsers if so far your PC has not encountered any problems with Internet access. This will help mitigate other Java vulnerabilities that could occur in the future.

If you need any assistance, please contact our Service Desk (Room 104, Run Run Shaw Building, Tel: 28592480) or make an email enquiry to ithelp@hku.hk.

Thank you for your attention.

Information Security Team
IT Services