1 month after release almost 93% have not updated to the recent version of Java
Posted by: Tim Tibbetts on 06/08/2013 10:41 AM [ Comments ]
Throughout the last 6 weeks, Websense Security Labs has been collecting telemetry from our Websense ThreatSeeker Network to provide insight into usage of the most recent version of Java. Following the March 2013 study that looked at what versions of Java are being used, they saw that almost 93% of users are still not patched to the most recent version of Java. This leaves the majority of users still vulnerable to the dangers of exploit code already in use in the wild.
Since the April 16 Java Critical Patch Update was released by Oracle, they also noticed that businesses have been slow to apply the Version 7 Update 21 patch into their environment. Based on their analysis, they identified the following trends:
- 2 days after the release of the patch, less than 2% of users had adopted Java SE Version 7 Update 21.
- After a full week, the average adoption of the newest version of Java was at less than 3%.
- 2 weeks after the newest Java version was released, the trend line had moved to a little over 4%.
- One month after release, the number of live web requests using the most recent version of Java was only around 7%.
Their investigations further revealed that the busiest period of patch adoption was during the second week after release, and that adoption is continuing although at a slower rate. As news spreads of an available patch, they've noted that some organizations are then more willing to apply the patch.
Check out your Java version now at http://www.java.com/en/download/help/java_update.xml
Some people have multiple versions of Java and for this we suggest JavaRA, a free program that will check for the latest version as well as remove old and redundant versions. You can download that at http://www.majorgeeks.com/files/details/javara.html
Since the April 16 Java Critical Patch Update was released by Oracle, they also noticed that businesses have been slow to apply the Version 7 Update 21 patch into their environment. Based on their analysis, they identified the following trends:
- 2 days after the release of the patch, less than 2% of users had adopted Java SE Version 7 Update 21.
- After a full week, the average adoption of the newest version of Java was at less than 3%.
- 2 weeks after the newest Java version was released, the trend line had moved to a little over 4%.
- One month after release, the number of live web requests using the most recent version of Java was only around 7%.
Their investigations further revealed that the busiest period of patch adoption was during the second week after release, and that adoption is continuing although at a slower rate. As news spreads of an available patch, they've noted that some organizations are then more willing to apply the patch.
Check out your Java version now at http://www.java.com/en/download/help/java_update.xml
Some people have multiple versions of Java and for this we suggest JavaRA, a free program that will check for the latest version as well as remove old and redundant versions. You can download that at http://www.majorgeeks.com/files/details/javara.html
Comments