Security Experts:

Connect with us

Hi, what are you looking for?



Security Updates for Java 7 Will Work on Windows XP: Oracle

Oracle has clarified that future security patches for Java 7 will still work on Windows XP, but pointed out that it can no longer provide “complete guarantees” for the software because the operating systems is no longer supported by Microsoft.

Oracle has clarified that future security patches for Java 7 will still work on Windows XP, but pointed out that it can no longer provide “complete guarantees” for the software because the operating systems is no longer supported by Microsoft.

Microsoft officially stopped providing technical support and security updates for Windows XP on April 8 and it has been trying to convince customers ever since to migrate to a current supported operating system to ensure that their computers are protected against cyber threats.

In an FAQ published on the Java website at the beginning of July, Oracle informed customers that they can continue to use Java 7 updates on Windows XP at their own risk, but noted that support will only be provided for Windows Vista or later. The company also revealed that Windows XP users will be unable to install Java 8 on their systems.

Many rushed to conclude that Java will no longer work on Windows XP and that users will not be able to update their installations. However, in a blog post published on Friday, Henrik Stahl, the vice president of product management at Oracle’s Java Platform Group, explained that the rumors are untrue and urged users not to believe everything they read on the Internet.

“We expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the foreseeable future. In particular, we expect that JDK 7 will continue to work on Windows XP. Security updates issued by Oracle will continue to be pushed out to Windows XP desktops,” Stahl said.

According to Oracle, users will continue to receive automatic updates for Java 7 on Windows XP at least until April 2015, when the end of public updates for JDK 7 is scheduled. The company has also pointed out that while Java 8 is not supported on Windows XP and the installer doesn’t work on this operating systems, users can run it in most cases by unpacking it manually.

“Although Microsoft has retired Windows XP earlier in April, it continues to be heavily used worldwide, both in corporate and home environments. Our initial advice for XP users was to keep all third-party applications up-to-date and to deploy a solid antivirus solution until they migrate to a newer OS,” said Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, a security company that will continue to provide support for its products on Windows XP until 2016.

“Although Java 7 will still receive updates, its long-term future on Windows XP is uncertain. It would be unfair to ask companies to support an operating system that is not even supported by its vendor anymore. This is yet another reminder that all XP machines should be transitioned to a newer OS immediately,” Botezatu told SecurityWeek.

On Tuesday, Oracle plans on addressing a total of 113 security issues, including 20 Java vulnerabilities that can be exploited remotely without authentication.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.