Hmm, out of concern for compatibility, I've kept GPO-installed client systems at JRE 6 (update 33 is the latest needed for security patches). Looks like that was a good call and I don't have to worry about this particular problem, at least not yet. But it will be interesting to see if Oracle's Java group recognize the seriousness of this and issue an interim update before the scheduled quarterly update.
Carl From: Ziots, Edward [mailto:[email protected]] Sent: Monday, August 27, 2012 2:44 PM To: NT System Admin Issues Subject: 0 Day in Java 1.7 up to Version 6 Importance: High Heads up on the Java Front. 0 day Attackers Pounce on Zero-Day Java Exploit - Krebs on Security: http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/ Cross Post from the Internal Security Discussion list at Microsoft. (Thanks to Ms Bradley the SBS queen J) Already emailed the handlers at SANS to hopefully update the ISC page to spread the word. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
