US CERT unimpressed by Oracle Java zero-day flaw patch

The US Computer Emergency Response Team (CERT) has again recommended internet users turn off Java, claiming the platform is still insecure despite a recent patch from Oracle.

The CERT released a warning claiming that despite Oracle's recent security patch, the Java platform is still putting internet users at risk.

The patch fixed the zero-day flaw but it had not addressed wider concerns about vulnerabilities in the Java Management Extensions (JMX) MBean platform, it said in its updated release.

Following its warning, CERT reiterated security vendors recommendation that users turn off or uninstall Java from their computer.

"Unless it is absolutely necessary to run Java in web browsers, disable it... even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future," read CERT's release.

The zero-day vulnerability was initially discovered by security firm Trend Micro. The company unearthed the vulnerability after spotting a ransomware Trojan known as Reveton targeting the flaw.

The malware has since been connected with the popular Blackhole and Cool exploit kits, which allow criminals to mount automated attacks targeting the exploit.

The vulnerability is one of many to be discovered in widely used services this year. On Monday Microsoft was forced to release an out of cycle security patch designed to fix a vulnerability in its Internet Explorer web browser.