Good Day. I am new to this forum and have a basic question. My company has detected some security vulnerabilities on our Windows 2012r2 servers that have Java 8x installed. The vulnerabilities indicate that they are predominately JAVA CPU security issues which require JAVA updates/patches. After doing some research, I believe the solution is to patch our JAVA installation. I have the Critical patch list but the summary indicates:
Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes.
Do I read this to mean that the most current critical patch should resolve issues in JAVA for that posted date and prior? The statement: "but each advisory describes only the security fixes added....." , does that mean that while the patch is cumulative, the summary of the patch only discusses the most current fixes. That is, I will have all the remediations through the current patch?
Thank you