Remove old JRE!

Published: 2007-01-22
Last Updated: 2007-01-27 23:38:38 UTC
by Adrien de Beaupre (Version: 2)

As new versions of the Sun Java JRE keep coming out to address security vulnerabilities, do NOT forget to remove the old versions. If your applications run Java code that absolutely requires a specific version of the JRE, update the applications first, then update the JRE, and then remove the old JRE versions. Why? Because a Java applet can request which version of the JRE it wishes to use.


UPDATE 26/01/2007

Readers Jim and John both wrote in to let us know that, since 1.5.0_06, Sun has changed the way applets and applications can specify the Java version to run.

More information here.

And here.

How to.

Corporate silent install/uninstall (Thanks Andrew!)

Active Directory Deployment.

BTW: "The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system" was released today. Either permanently disable Java AND JScript in your browser(s), or keep as close an eye on JRE versions as you do on Microsoft Windows patches.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1

Cheers, Adrien de Beaupré

The US-CERT info linked to in the Diary says:

Systems Affected
Sun Java Runtime Environment versions
a. JDK and JRE 5.0 Update 9 and earlier
b. SDK and JRE 1.4.2_12 and earlier
c. SDK and JRE 1.3.1_18 and earlier

Update at:
http://java.com/en/download/index.jsp

BSSI/Cinnabar
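
The version check implied by the US-CERT list above, as an added example that is not part of the original diary: it flags installed JRE version strings at or below the listed affected releases so the leftovers can be removed. The host names and inventory are constructed, and reading "and earlier" as covering earlier releases in the same 1.x line is an assumption.

```python
import re

# Last affected release per 1.x line, taken from the US-CERT list in the diary.
# "5.0 Update 9" corresponds to the version string 1.5.0_09.
# Assumption: "and earlier" also covers earlier micro releases in the same line
# (e.g. 1.4.1_xx counts as earlier than 1.4.2_12).
LAST_AFFECTED = {
    (1, 5): (0, 9),    # JDK and JRE 5.0 Update 9 and earlier
    (1, 4): (2, 12),   # SDK and JRE 1.4.2_12 and earlier
    (1, 3): (1, 18),   # SDK and JRE 1.3.1_18 and earlier
}

# Matches e.g. "1.5.0_09", "1.4.2" or "1.5.0_06-b05" (build suffix ignored).
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-[\w.]+)?$")


def parse_jre_version(text):
    """Return ((major, minor), (micro, update)); raise ValueError if unparseable."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised JRE version string: {text!r}")
    major, minor, micro, update = (int(g or 0) for g in m.groups())
    return (major, minor), (micro, update)


def classify(version):
    """Return 'affected', 'ok', or 'unlisted' (line not named in the list)."""
    line, release = parse_jre_version(version)
    if line not in LAST_AFFECTED:
        return "unlisted"
    return "affected" if release <= LAST_AFFECTED[line] else "ok"


def audit(inventory):
    """Map each host to its affected JRE versions, oldest first; clean hosts omitted."""
    report = {}
    for host, versions in inventory.items():
        stale = sorted((v for v in versions if classify(v) == "affected"),
                       key=parse_jre_version)
        if stale:
            report[host] = stale
    return report


# Constructed inventory: ws-014 was updated, but old JREs were left installed.
INVENTORY = {
    "ws-014": ["1.5.0_10", "1.5.0_06", "1.4.2_08"],
    "ws-022": ["1.5.0_10"],
    "srv-app1": ["1.4.2_13", "1.3.1_12"],
}

if __name__ == "__main__":
    for host, stale in audit(INVENTORY).items():
        print(f"{host}: remove {', '.join(stale)}")
```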

 
