A better question would be -- how often have the done it already today? These exploits can be through drive-by advertisements on legitimate sites. They could be from bad sites. They could be from anywhere... -Nick ________________________________________ From: David McFarlane [[log in to unmask]] Sent: Tuesday, February 05, 2013 5:29 PM To: [log in to unmask] Subject: Re: [MSUNAG] JRE 6 Extended Support At 2/5/2013 04:02 PM Tuesday, Cooke, Tony wrote: >Since the University recommends/requires out of date/unsupported >software, which has known vulnerabilities, are we not being required >to put ourselves at risk? If so, is it an acceptable risk? My question exactly. Just how dangerous is this JRE to our users? Doesn't one have to be lured to a malicious website to trigger this sort of attack? How likely are our users to do this? -- dkm