Oracle has quietly ended all support for Java on Windows XP.
As a result, the quarterly security updates scheduled for July 15 will not include any fixes for Windows XP.
In an FAQ on the Java site the company states that Microsoft's end of support for Windows XP is the reason for Oracle's decision to end support. Users may still run Java 7 at their own risk. Java 8, the next major version, will not be available for Windows XP.
In a press release, Morten Kjaersgaard, CEO of Danish IT security firm Heimdal Security says that after the updates are applied, Java will no longer load on Windows XP. The new Java versions will be 7u65 and 8u11, according to Kjaersgaard.
Update on July 4: We asked Oracle for a comment and received this statement from Henrik Stahl, vice president for product Management at Java:
"As you know, Microsoft no longer supports Windows XP and recommend their users to upgrade to more recent versions in order to maintain a stable and secure environment.
Oracle makes the same recommendation to our users running Java on Windows, and also has a standing recommendation that users stay current with the most recent Java security baseline — currently available for the public for Java 7 and 8. There are a few compatibility issues with Java 8 on Windows XP, since it is not an officially supported configuration. We are looking at ways to resolve these.
For now, we will keep Java users on Windows XP secure by updating them to the most recent Java 7 security update on an ongoing basis. Java users on more recent Windows versions can choose between Java 7 and 8, and depending on their choice will be kept up to date with the most recent Java 7 or 8 security update respectively."
Based on this statement and the language in the FAQ linked to above, it appears that Oracle's policy is that future Java updates may or may not work on Windows XP. You run them at your own risk. Kjaersgaard says that the current test versions of those updates do not work on Windows XP, but perhaps that will change by July 15.
As Kjaersgaard also notes, Windows XP still accounts for a large percentage of systems in use, even in enterprises. Of those systems, Heimdal Security claims, according to their intelligence, that almost 88 percent run Java.
Java has been a major source of real-world security threats over the last few years. While he advises Windows XP users to upgrade to a modern, supported version of Windows, Kjaersgaard recognizes that Windows XP users are stubborn and will be exposed. "This is a huge security problem," says Kjaersgaard.