Addressing Feds warning on Java security via KACE appliance
http://www.politico.com/story/2013/01/feds-issue-warning-on-java-security-86090.html?hp=r3
Any recommendation on disabling through KACE?
Answers (4)
Java 7u11 is now out which is patched for the vulnerability. Trick now is to install the latest version but also uninstall all the old versions of Java in your environment as the flaw affected 7u10 and earlier. My method is to search the software inventory for the versions still in my environment, get the Product Un-Install Command of each, and create scripts targeted to those machines to remove that version.
I have a Java cleaner script that has been working 99% of the time via kbox. Uninstalls ALL versions of Java and J2SE using wmic.
<?xml version="1.0" encoding="utf-8" ?>
<kbots xmlns="http://kace.com/Kbots.xsd">
  <kbot>
    <config name="Java Cleaner Only" type="policy" id="261" version="1350426070" description="Uninstalls ALL versions of Java and J2SE">
      <execute disconnected="true" logged_off="true">
      </execute>
    </config>
    <compliance>
      <verify on_failure="break" attempts="1">
        <on_verify_success>
          <!-- Uninstall every installed product whose name starts with J2SE, then every product whose name starts with Java -->
          <launch_program path="SYS" program="wmic.exe" wait="false" parms="product where &quot;name like 'J2SE%'&quot; call uninstall" />
          <launch_program path="SYS" program="wmic.exe" wait="true" parms="product where &quot;name like 'Java%'&quot; call uninstall" />
        </on_verify_success>
        <on_verify_failure>
          <on_remediation_success>
          </on_remediation_success>
          <on_remediation_failure>
          </on_remediation_failure>
        </on_verify_failure>
      </verify>
      <verify on_failure="break" attempts="1">
        <on_verify_success>
        </on_verify_success>
        <on_verify_failure>
          <on_remediation_success>
          </on_remediation_success>
          <on_remediation_failure>
          </on_remediation_failure>
        </on_verify_failure>
      </verify>
    </compliance>
  </kbot>
</kbots>
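Added example, not part of either answer above: a PowerShell check that lists the Java and J2SE packages still installed on a machine, with each package's uninstall command, so you can confirm what is left before or after running a removal script. It assumes PowerShell 3.0 or later and assumes that Java 7u11 reports its DisplayVersion as 7.0.110; compare that value against your own software inventory before relying on it.

```powershell
# Added example: inventory installed Java/J2SE packages from the registry
# uninstall keys (both the native and the 32-bit-on-64-bit view).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: Java 7u11 registers DisplayVersion 7.0.110. Adjust if your
# inventory shows a different value for the patched release.
$patched = [version]'7.0.110'

function Get-JavaInstall {
    Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' -or $_.DisplayName -like 'J2SE*' } |
        ForEach-Object {
            # -as returns $null instead of throwing when the version is missing or malformed
            $v = $_.DisplayVersion -as [version]
            [pscustomobject]@{
                Name            = $_.DisplayName
                Version         = $_.DisplayVersion
                # Unparseable versions are flagged too, so they get a manual look
                BelowPatched    = ($null -eq $v) -or ($v -lt $patched)
                UninstallString = $_.UninstallString
            }
        }
}

# The same name patterns as the wmic calls, so helper products whose names
# begin with "Java" (for example the Java Auto Updater) are listed as well.
Get-JavaInstall | Sort-Object Name | Format-List
```

Reading the uninstall keys avoids querying Win32_Product (the class behind `wmic product`), which runs a Windows Installer consistency check on every installed MSI package each time it is enumerated.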