Security Experts:

Security Updates for Java 7 Will Work on Windows XP: Oracle

Oracle has clarified that future security patches for Java 7 will still work on Windows XP, but pointed out that it can no longer provide "complete guarantees" for the software because the operating systems is no longer supported by Microsoft.

Microsoft officially stopped providing technical support and security updates for Windows XP on April 8 and it has been trying to convince customers ever since to migrate to a current supported operating system to ensure that their computers are protected against cyber threats.

In an FAQ published on the Java website at the beginning of July, Oracle informed customers that they can continue to use Java 7 updates on Windows XP at their own risk, but noted that support will only be provided for Windows Vista or later. The company also revealed that Windows XP users will be unable to install Java 8 on their systems.

Many rushed to conclude that Java will no longer work on Windows XP and that users will not be able to update their installations. However, in a blog post published on Friday, Henrik Stahl, the vice president of product management at Oracle's Java Platform Group, explained that the rumors are untrue and urged users not to believe everything they read on the Internet.

"We expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the foreseeable future. In particular, we expect that JDK 7 will continue to work on Windows XP. Security updates issued by Oracle will continue to be pushed out to Windows XP desktops," Stahl said.

According to Oracle, users will continue to receive automatic updates for Java 7 on Windows XP at least until April 2015, when the end of public updates for JDK 7 is scheduled. The company has also pointed out that while Java 8 is not supported on Windows XP and the installer doesn't work on this operating systems, users can run it in most cases by unpacking it manually.

"Although Microsoft has retired Windows XP earlier in April, it continues to be heavily used worldwide, both in corporate and home environments. Our initial advice for XP users was to keep all third-party applications up-to-date and to deploy a solid antivirus solution until they migrate to a newer OS," said Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, a security company that will continue to provide support for its products on Windows XP until 2016.

"Although Java 7 will still receive updates, its long-term future on Windows XP is uncertain. It would be unfair to ask companies to support an operating system that is not even supported by its vendor anymore. This is yet another reminder that all XP machines should be transitioned to a newer OS immediately," Botezatu told SecurityWeek.

On Tuesday, Oracle plans on addressing a total of 113 security issues, including 20 Java vulnerabilities that can be exploited remotely without authentication.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.