The ICS/SANS Diary advisory:
"Remove old JRE!
Last Updated: 2007-01-23 00:53:25 UTC
by Adrien de Beaupre (Version: 1)
As new versions of the Sun Java JRE keep coming out to address security vulnerabilities do NOT forget to remove the old versions. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run, update the applications and then update the JRE, and then remove the old JRE versions. Why? A Java applet can request which version of JRE it wishes to use, that's why."
ICS/SANS was not the only recognized authority issuing a warning. US-CERT issued Technical Cyber Security Alert TA07-022A indicating:
"The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system."US-CERT substantiates the recommendation of ICS/SANS to uninstall the affected versions and disable Java in your browser(s).
The affected versions of Sun Java Runtime Environment (JRE) are listed below.
- JDK and JRE 5.0 Update 9 and earlier
- SDK and JRE 1.4.2_12 and earlier
- SDK and JRE 1.3.1_18 and earlier