
Addressing Feds warning on Java security via KACE appliance

http://www.politico.com/story/2013/01/feds-issue-warning-on-java-security-86090.html?hp=r3

Any recommendation on disabling through KACE?



Answers (4)

Posted by: jegolf 11 years ago
Red Belt
3

Java 7u11 is now out which is patched for the vulnerability. Trick now is to install the latest version but also uninstall all the old versions of Java in your environment as the flaw affected 7u10 and earlier. My method is to search the software inventory for the versions still in my environment, get the Product Un-Install Command of each, and create scripts targeted to those machines to remove that version.

Posted by: worzie 11 years ago
Fourth Degree Brown Belt
3

I have a Java cleaner script that has been working 99% of the time via kbox.  Uninstalls ALL versions of Java and J2SE using wmic.

<?xml version="1.0" encoding="utf-8" ?>
<kbots xmlns="http://kace.com/Kbots.xsd">
<kbot>

<config name="Java Cleaner Only" type="policy" id="261" version="1350426070" description="Uninstalls ALL versions of Java and J2SE">

  <execute disconnected="true" logged_off="true">
  </execute>

</config>

<compliance>

  <verify on_failure="break" attempts="1">


    <on_verify_success>
      <launch_program path="SYS" program="wmic.exe" wait="false" parms="product where &quot;name like 'J2SE%'&quot; call uninstall" />
      <launch_program path="SYS" program="wmic.exe" wait="true" parms="product where &quot;name like 'Java%'&quot; call uninstall" />
    </on_verify_success>

    <on_verify_failure>

      <on_remediation_success>
      </on_remediation_success>

      <on_remediation_failure>
      </on_remediation_failure>

    </on_verify_failure>

  </verify>

  <verify on_failure="break" attempts="1">


    <on_verify_success>
    </on_verify_success>

    <on_verify_failure>

      <on_remediation_success>
      </on_remediation_success>

      <on_remediation_failure>
      </on_remediation_failure>

    </on_verify_failure>

  </verify>

</compliance>

</kbot>
</kbots>



Posted by: mpace 11 years ago
Red Belt
2

If you haven't seen this tool I would recommend it as an easy way to find old Java GUIDs in your environment: http://www.itninja.com/blog/view/how-to-find-uninstall-strings

Once you have the GUIDs you can remove old versions by simple BAT scripting:

start /wait msiexec.exe /x GUIDHERE /qn
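
The inventory-then-uninstall approach described in the answers above, as an added example that is not part of any poster's answer: it reads the Uninstall registry keys (rather than querying `wmic product`) for Java/J2SE MSI products, and builds the same `msiexec /x GUID /qn` command for each. The `-Remove` switch and `-KeepDisplayName` parameter are hypothetical names, and the display-name pattern for the patched build is an assumption to adjust to what your inventory shows.

```powershell
# Added example: list installed Java/J2SE MSI products from the registry and
# build the msiexec removal command for each. Dry run unless -Remove is given.
param(
    [switch]$Remove,                                  # uninstall instead of only listing
    [string]$KeepDisplayName = 'Java 7 Update 11*'    # assumption: patched build to keep
)

# Both registry views, so 32-bit Java on 64-bit Windows is found too.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$targets = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        # Same name patterns as the wmic filters in the kbot: 'Java%' and 'J2SE%'.
        if ($p.DisplayName -notlike 'Java*' -and $p.DisplayName -notlike 'J2SE*') { return }
        # Skip the version that is supposed to stay installed.
        if ($p.DisplayName -like $KeepDisplayName) { return }
        # Only MSI-based entries use the product GUID as the key name.
        if ($_.PSChildName -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { return }
        [pscustomobject]@{
            Name    = $p.DisplayName
            Version = $p.DisplayVersion
            Guid    = $_.PSChildName
        }
    }
}

# De-duplicate in case both registry views resolve to the same key.
foreach ($t in ($targets | Sort-Object Guid -Unique)) {
    $msiArgs = "/x $($t.Guid) /qn /norestart"
    if (-not $Remove) {
        "{0} {1}: msiexec.exe {2}" -f $t.Name, $t.Version, $msiArgs
        continue
    }
    # -Wait serialises the removals; Windows Installer runs one at a time.
    $proc = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
    # 0 = success, 3010 = success but reboot required, 1605 = product not installed.
    "{0}: exit code {1}" -f $t.Name, $proc.ExitCode
}
```

Run it without `-Remove` first and compare the listed products with the software inventory before deploying the removal.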

 

Posted by: jegolf 11 years ago
Red Belt
1

Was wondering the same thing. Easiest fix will be deploying a patched update...JAAAAVA developers!

*with sarcastic emphasis*


Comments:
  • unfortunately Oracle do not have a patch yet - binuani 11 years ago
 