How-To: Remove old versions of the Sun Java Run-Time

Problem:

When installing updates to the Sun Java Run-Time, old versions are not removed. Any vulnerabilities in the old version remain on the system and are still accessible for exploit via the Web.

How Do I Know If I'm Affected?

Check your installed programs by click on START, Settings...., Control Panel, Add/Remove Programs (for some, it may be START, Control Panel, Add/Remove Programs.) Scroll down the list (see image below) and locate the J2SE Runtime entries.

As of 10/9/2007, the current version of the run-time is 6.0 Update 3. Malicious websites can reference any version of the Java Run-time you have installed, so it is suggested that you remove any prior versions for security reasons. If you don't have the current Update installed or are not sure what is the current Update version, you can get the latest installer at: http://www.java.com/en/download/index.jsp

Screenshot image of the add/remove programs highlighting the Sun Java Run-Time installations.

Resolution:

To remove prior versions of the Run-time, click on the entry to remove and click on Remove. Once the Run-time is uninstalled, the Add/Remove Programs window will be refreshed and the entry will no longer appear. Repeat for all other old versions.

If you need assistance, please file a Staff Help Desk Request

Important Notes:

Public exploits for prior Update versions are active on the Internet. These exploits can allow remote code execution (complete control of your computer) by an unauthenticated attached.