Oracle Fixes Java Vulnerability Used By Russian Cyberspies

itwbennett writes: Oracle said that it has fixed 154 security flaws in Java and a wide range of its other products, including one that Russian cyberespionage group Pawn Storm used to launch stealthy attacks earlier this year. The vulnerability, tracked as CVE-2015-4902, was being used by the Pawn Storm attackers to enable the execution of a malicious Java application without user interaction.

Oracle RDBMS license required

[Billly+Gates]

... for those on Java 5/6 to get these updates.

So wonderful our Cisco routers, SAP, and Kronos require +200 exploitable holes be on all corporate computers where I get blamed and writeups for cryptolocker infections.

Needless to say our accounting department does not want to pay upgrade as they work fine.