Even better, uninstall it via GPO :)
(If applicable in your environment, yada yada yada).
Testing this out now.
'###########Script Written By Dylan Ogle & Nainesh Bhavan - November
2011##########
'Start Script
On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
'Uninstall Java 2 Runtime Environment, J2SE Runtime Environment
Set colJava4dot3 = objWMIService.ExecQuery("Select * from Win32_Product
Where Name like 'Java 2 Runtime Environment Standard Edition %'")
For Each objSoftware in colJava4dot3
objSoftware.Uninstall()
Next
'Uninstall Java 2 Runtime Environment, J2SE Runtime Environment
Set colJava4dot3 = objWMIService.ExecQuery("Select * from Win32_Product
Where Name like 'J2SE Runtime Environment %'")
For Each objSoftware in colJava4dot3
objSoftware.Uninstall()
Next
'Uninstall Java 2 Runtime Environment, SE *
Set colJava4dot3 = objWMIService.ExecQuery("Select * from Win32_Product
Where Name like 'Java 2 Runtime Environment, SE %'")
For Each objSoftware in colJava4dot3
objSoftware.Uninstall()
Next
'Uninstall Java(TM) 6 Update *
Set colJava6dot = objWMIService.ExecQuery("Select * from Win32_Product Where
Name like 'Java(TM) 6 Update %'")
For Each objSoftware in colJava6dot
objSoftware.Uninstall()
Next
'Uninstall Java(TM) 7 Update *
Set colJava6dot = objWMIService.ExecQuery("Select * from Win32_Product Where
Name like 'Java(TM) 7 Update %'")
For Each objSoftware in colJava6dot
objSoftware.Uninstall()
Next
'Uninstall Java(TM) 7 *
Set colJava7 = objWMIService.ExecQuery("Select * from Win32_Product Where
Name like 'Java(TM) %'")
For Each objSoftware in colJava7
objSoftware.Uninstall()
Next
From: David Lum [mailto:[email protected]]
Sent: Tuesday, August 28, 2012 11:54 AM
To: NT System Admin Issues
Subject: RE: 0 Day in Java 1.7 up to Version 6
Ugh. Can it be done via GPO?
From: Kennedy, Jim [mailto:[email protected]]
Sent: Monday, August 27, 2012 3:42 PM
To: NT System Admin Issues
Subject: RE: 0 Day in Java 1.7 up to Version 6
I suggest we all do something on this one. The exploit is already out on
SET, so it is child's play now to exploit it. (pun intended)
_____
From: Ziots, Edward [[email protected]]
Sent: Monday, August 27, 2012 4:14 PM
To: NT System Admin Issues
Subject: RE: 0 Day in Java 1.7 up to Version 6
I would make a recommendation.
If you have an IPS, then utilize it to do a lot of egress filtering for
known networks that are hosting these exploits and just flat block the Class
C networks. I know its cut down a lot on what I am seeing on my IPS.
A lot of times web filter and AV are going to miss it, or one might catch it
if its too late. But definitely of the exploits and the methods I have
looked at, they are targeting Java Heavily.
Z
Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
From: N Parr [mailto:[email protected]]
Sent: Monday, August 27, 2012 3:59 PM
To: NT System Admin Issues
Subject: RE: 0 Day in Java 1.7 up to Version 6
I've been trying to keep everything latest and greatest because I've had at
least 3 cases in the past few months where GFI has had to disinfect clients
with fake AV type infections on them. They said the infiltration point was
through JRE6 which was at the latest update available at the time. So
you're SOL either way if your web filter and antivirus both miss it. Only
thing you can do is take it off which doesn't fly around here.
_____
From: Carl Houseman [mailto:[email protected]]
Sent: Monday, August 27, 2012 2:30 PM
To: NT System Admin Issues
Subject: RE: 0 Day in Java 1.7 up to Version 6
Hmm, out of concern for compatibility, I've kept GPO-installed client
systems at JRE 6 (update 33 is the latest needed for security patches).
Looks like that was a good call and I don't have to worry about this
particular problem, at least not yet. But it will be interesting to see if
Oracle's Java group recognize the seriousness of this and issue an interim
update before the scheduled quarterly update.
Carl
From: Ziots, Edward [mailto:[email protected]]
Sent: Monday, August 27, 2012 2:44 PM
To: NT System Admin Issues
Subject: 0 Day in Java 1.7 up to Version 6
Importance: High
Heads up on the Java Front. 0 day
Attackers Pounce on Zero-Day Java Exploit - Krebs on Security:
http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit
/
Cross Post from the Internal Security Discussion list at Microsoft. (Thanks
to Ms Bradley the SBS queen J)
Already emailed the handlers at SANS to hopefully update the ISC page to
spread the word.
Z
Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
