http://www.politico.com/story/2013/01/feds-issue-warning-on-java-security-86090.html?hp=r3

any recommendation on disabling through kace?

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

3

Java 7u11 is now out which is patched for the vulnerability. Trick now is to install the latest version but also uninstall all the old versions of Java in your environment as the flaw affected 7u10 and earlier. My method is to search the software inventory for the versions still in my environment, get the Product Un-Install Command of each, and create scripts targeted to those machines to remove that version.

Answered 01/13/2013 by: jegolf
Red Belt

Please log in to comment
3

I have a Java cleaner script that has been working 99% of the time via kbox.  Uninstalls ALL versions of Java and J2SE using wmic.

<?xml version="1.0" encoding="utf-8" ?>
<kbots xmlns="http://kace.com/Kbots.xsd">
<kbot>

<config name="Java Cleaner Only" type="policy" id="261" version="1350426070" description="Uninstalls ALL versions of Java and J2SE">

  <execute disconnected="true" logged_off="true">
  </execute>

</config>

<compliance>

  <verify on_failure="break" attempts="1">


    <on_verify_success>
      <launch_program path="SYS" program="wmic.exe" wait="false" parms="product where &quot;name like 'J2SE%'&quot; call uninstall" />
      <launch_program path="SYS" program="wmic.exe" wait="true" parms="product where &quot;name like 'Java%'&quot; call uninstall" />
    </on_verify_success>

    <on_verify_failure>

      <on_remediation_success>
      </on_remediation_success>

      <on_remediation_failure>
      </on_remediation_failure>

    </on_verify_failure>

  </verify>

  <verify on_failure="break" attempts="1">


    <on_verify_success>
    </on_verify_success>

    <on_verify_failure>

      <on_remediation_success>
      </on_remediation_success>

      <on_remediation_failure>
      </on_remediation_failure>

    </on_verify_failure>

  </verify>

</compliance>

</kbot>
</kbots>



Answered 01/14/2013 by: worzie
Second Degree Green Belt

Please log in to comment
2

If you haven't seen this tool I would recommend it as an easy way to find old Java GUIDs in your environment: http://www.itninja.com/blog/view/how-to-find-uninstall-strings

Once you have the GUIDs you can remove old versions by simple BAT scripting:

start /wait msiexec.exe /x GUIDHERE /qn

 

Answered 01/14/2013 by: mpace
Red Belt

Please log in to comment
1

Was wondering the same thing. Easiest fix will be deploying a patched update...JAAAAVA developers!

*with sarcastic emphasis*

Answered 01/12/2013 by: jegolf
Red Belt

  • unfortunately Oracle do not have a patch yet
Please log in to comment
Answer this question or Comment on this question for clarity