Keep me posted, Sam, if you will. Especially interested in how this goes if the source files are no longer available... say they were installed on a network share that no longer exists.
________________________________
From: Sam Cayze [[email protected]]
Sent: Tuesday, August 28, 2012 4:46 PM
To: NT System Admin Issues
Subject: RE: 0 Day in Java 1.7 up to Version 6

Even better, uninstall it via GPO :) (If applicable in your environment, yada yada yada).

Testing this out now…

'###########Script Written By Dylan Ogle & Nainesh Bhavan - November 2011##########
'Start Script
On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

'Uninstall Java 2 Runtime Environment Standard Edition *
Set colJava4dot3 = objWMIService.ExecQuery("Select * from Win32_Product Where Name like 'Java 2 Runtime Environment Standard Edition %'")
For Each objSoftware in colJava4dot3
    objSoftware.Uninstall()
Next

'Uninstall J2SE Runtime Environment *
Set colJava4dot3 = objWMIService.ExecQuery("Select * from Win32_Product Where Name like 'J2SE Runtime Environment %'")
For Each objSoftware in colJava4dot3
    objSoftware.Uninstall()
Next

'Uninstall Java 2 Runtime Environment, SE *
Set colJava4dot3 = objWMIService.ExecQuery("Select * from Win32_Product Where Name like 'Java 2 Runtime Environment, SE %'")
For Each objSoftware in colJava4dot3
    objSoftware.Uninstall()
Next

'Uninstall Java(TM) 6 Update *
Set colJava6dot = objWMIService.ExecQuery("Select * from Win32_Product Where Name like 'Java(TM) 6 Update %'")
For Each objSoftware in colJava6dot
    objSoftware.Uninstall()
Next

'Uninstall Java(TM) 7 Update *
Set colJava6dot = objWMIService.ExecQuery("Select * from Win32_Product Where Name like 'Java(TM) 7 Update %'")
For Each objSoftware in colJava6dot
    objSoftware.Uninstall()
Next

'Uninstall anything else whose name starts with Java(TM) (catch-all, includes Java(TM) 7 *)
Set colJava7 = objWMIService.ExecQuery("Select * from Win32_Product Where Name like 'Java(TM) %'")
For Each objSoftware in colJava7
    objSoftware.Uninstall()
Next

From: David Lum [mailto:[email protected]]
Sent: Tuesday, August 28, 2012 11:54 AM
To: NT System Admin Issues
Subject: RE: 0 Day in Java 1.7 up to Version 6

Ugh. Can it be done via GPO?

From: Kennedy, Jim [mailto:[email protected]]
Sent: Monday, August 27, 2012 3:42 PM
To: NT System Admin Issues
Subject: RE: 0 Day in Java 1.7 up to Version 6

I suggest we all do something on this one. The exploit is already out on SET, so it is child's play now to exploit it. (pun intended)

________________________________
From: Ziots, Edward [[email protected]]
Sent: Monday, August 27, 2012 4:14 PM
To: NT System Admin Issues
Subject: RE: 0 Day in Java 1.7 up to Version 6

I would make a recommendation. If you have an IPS, then utilize it to do a lot of egress filtering for known networks that are hosting these exploits and just flat block the Class C networks. I know it's cut down a lot on what I am seeing on my IPS. A lot of times web filter and AV are going to miss it, or one might catch it if it's too late. But definitely of the exploits and the methods I have looked at, they are targeting Java Heavily…

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]

From: N Parr [mailto:[email protected]]
Sent: Monday, August 27, 2012 3:59 PM
To: NT System Admin Issues
Subject: RE: 0 Day in Java 1.7 up to Version 6

I've been trying to keep everything latest and greatest because I've had at least 3 cases in the past few months where GFI has had to disinfect clients with fake AV type infections on them. They said the infiltration point was through JRE6 which was at the latest update available at the time. So you're SOL either way if your web filter and antivirus both miss it. Only thing you can do is take it off which doesn't fly around here.

________________________________
From: Carl Houseman [mailto:[email protected]]
Sent: Monday, August 27, 2012 2:30 PM
To: NT System Admin Issues
Subject: RE: 0 Day in Java 1.7 up to Version 6

Hmm, out of concern for compatibility, I've kept GPO-installed client systems at JRE 6 (update 33 is the latest needed for security patches). Looks like that was a good call and I don't have to worry about this particular problem, at least not yet.

But it will be interesting to see if Oracle's Java group recognize the seriousness of this and issue an interim update before the scheduled quarterly update.

Carl

From: Ziots, Edward [mailto:[email protected]]
Sent: Monday, August 27, 2012 2:44 PM
To: NT System Admin Issues
Subject: 0 Day in Java 1.7 up to Version 6
Importance: High

Heads up on the Java Front… 0 day

Attackers Pounce on Zero-Day Java Exploit — Krebs on Security: http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/

Cross Post from the Internal Security Discussion list at Microsoft. (Thanks to Ms Bradley the SBS queen :))

Already emailed the handlers at SANS to hopefully update the ISC page to spread the word…

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
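
An alternative to the Win32_Product queries in the script quoted in the thread, given as an added PowerShell example that is not part of the original messages: querying Win32_Product makes Windows Installer run a consistency check on every installed MSI package, so this version reads the Uninstall registry keys instead and builds silent msiexec /x removals. The name patterns are taken from the thread's script; the function names are hypothetical, and nothing is removed unless -Execute is passed.

```powershell
# Added example, not from the thread. Name patterns mirror the VBScript's queries;
# function names are hypothetical.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # 32-bit installs on 64-bit Windows
)
# 'Java(TM) *' is as broad as the thread's last query: any product name starting with Java(TM).
$NamePatterns = @('Java 2 Runtime Environment*', 'J2SE Runtime Environment*', 'Java(TM) *')

function Get-JavaInstall {
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if (-not $p -or -not $p.DisplayName) { continue }
            if (-not ($NamePatterns | Where-Object { $p.DisplayName -like $_ })) { continue }
            New-Object PSObject -Property @{
                Name        = $p.DisplayName
                Version     = $p.DisplayVersion
                ProductCode = $key.PSChildName
                # MSI-installed products are keyed by their {GUID} product code
                IsMsi       = ($key.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$')
            }
        }
    }
}

function Remove-JavaInstall {
    param([switch]$Execute)
    foreach ($j in Get-JavaInstall) {
        if (-not $j.IsMsi) { Write-Warning "Skipping non-MSI entry: $($j.Name)"; continue }
        $msiArgs = "/x $($j.ProductCode) /qn /norestart"
        if ($Execute) {
            $proc = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
            # 0 = success, 3010 = success but reboot required, 1605 = product not installed
            "{0} {1}: msiexec exit code {2}" -f $j.Name, $j.Version, $proc.ExitCode
        } else {
            "Would run: msiexec.exe $msiArgs   ($($j.Name) $($j.Version))"
        }
    }
}

Remove-JavaInstall   # dry run; add -Execute (elevated) to uninstall
```

Review the dry-run output before adding -Execute, since the catch-all pattern will list every product whose name begins with Java(TM).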
