Almost 95 per cent of endpoints running Java and making active requests are currently vulnerable to at least one Java exploit.
According to research by Websense, almost 75 percent of end-users are using a Java Runtime Environment release that is more than six months out of date, while almost two-thirds of users are a year behind and more than 50 percent are two years behind.
It also found that only about five percent of active users were using the latest Java Runtime Environment (1.7.17).
The company gathered the statistics through a new Java version detection system added to its classification engine running across tens of millions of endpoints.
Java was a favourite of many underground hackers. Vulnerabilities affecting the platform were incorporated into more than two dozen exploit kits.
Users should update to Java 7 to continue to receieve security updates.
In other Java news, Coverity has launched a scanning tool for Java open source projects. Jennifer Johnson, chief marketing officer at Coverity, said: “We have worked with the leading open source projects in the C/C++ community to help them find and fix issues in their software.
“By extending Coverity Scan to now include Java projects, we will be able to help drive even higher levels of software quality and security throughout the open source community.”