
SANS ISC: Remove old JRE! - Internet Security | DShield SANS ISC InfoSec Forums


Remove old JRE!

As new versions of the Sun Java JRE keep coming out to address security vulnerabilities, do NOT forget to remove the old versions. You may be running Java code in your applications that absolutely requires a specific version of the JRE to run. If so, update the applications, then update the JRE, and then remove the old JRE versions. Why? Because a Java applet can request which version of the JRE it wishes to use.


UPDATE 26/01/2007

Readers Jim and John both wrote in to let us know that, since 1.5.0_06, Sun has changed the way applets and applications can specify the Java version to run.

More information here.

And here.

How to.

Corporate silent install/uninstall (Thanks Andrew!)

Active Directory Deployment.

BTW: "The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system" was released today. Either permanently disable Java AND JScript in your browser(s), or keep as close an eye on JRE versions as you do on Microsoft Windows patches.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1

Cheers, Adrien de Beaupré

The US-CERT info linked to in the Diary says:

Systems Affected
Sun Java Runtime Environment versions
- JDK and JRE 5.0 Update 9 and earlier
- SDK and JRE 1.4.2_12 and earlier
- SDK and JRE 1.3.1_18 and earlier

Update at:
http://java.com/en/download/index.jsp

BSSI/Cinnabar

 

Adrien de Beaupre
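
An inventory check for the situation described above, where a patched JRE sits next to older ones that are still installed. This is an added example, not code from the diary or from Sun. It assumes install folders named in the style jre1.5.0_06 or j2re1.4.2_08, uses constructed sample data, and reads "and earlier" as also covering older point releases of the same 1.x line.

```python
import re

# Last affected build per release line, from the US-CERT list quoted above
# (5.0 Update 9, 1.4.2_12, 1.3.1_18). Assumption: "and earlier" also covers
# older point releases of the same 1.x line, e.g. 1.4.1_07.
LAST_AFFECTED = {(1, 5): (1, 5, 0, 9), (1, 4): (1, 4, 2, 12), (1, 3): (1, 3, 1, 18)}

# Version strings such as "1.5.0_06", optionally prefixed as in a folder name.
# A missing "_NN" suffix is treated as update 0 (the initial release).
_VERSION = re.compile(r"(?:jre|jdk|j2re|j2sdk)?(\d+)\.(\d+)\.(\d+)(?:_(\d+))?", re.I)

def parse_version(name):
    """Return (major, minor, micro, update) or None if the name is not a JRE version."""
    m = _VERSION.fullmatch(name.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def classify(name):
    version = parse_version(name)
    if version is None:
        return "unparsed"
    limit = LAST_AFFECTED.get(version[:2])
    if limit is None:
        return "not-listed"  # release line not in the advisory: review by hand
    return "affected" if version <= limit else "newer"

def audit(installed):
    """Classify every installed JRE and flag hosts that were updated but not cleaned up."""
    status = {name: classify(name) for name in installed}
    remove = sorted(n for n, s in status.items() if s == "affected")
    has_newer = any(s == "newer" for s in status.values())
    return {"status": status, "remove": remove,
            "patched_but_stale": bool(remove) and has_newer}

# Constructed sample: folder names as they might appear on one workstation.
SAMPLE_HOST = ["jre1.5.0_10", "jre1.5.0_06", "j2re1.4.2_13",
               "j2re1.4.2_08", "jre1.6.0", "notes.txt"]

if __name__ == "__main__":
    report = audit(SAMPLE_HOST)
    for name, state in report["status"].items():
        print(f"{name:15} {state}")
    print("remove:", ", ".join(report["remove"]))
    print("updated but old JREs remain:", report["patched_but_stale"])
```
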
