Home > Uncategorized > Java… yea the sky… it’s falling. (CVE-2013-0422)

Java… yea the sky… it’s falling. (CVE-2013-0422)

Good Morning: Oracle has released 7u11 to patch this problem.

Here’s a great analysis summary and it links to this explicit analysis.

There’s a metasploit exploit available for this CVE, so you should be able to
try a variety of things to protect your systems. I really enjoy the title.

This is of great interest as it relies on Group Policy Preferences to control the
config of JRE. It’s awesome and I love it. The updated article explains using %windir%\Sun\Java\Deployment\deployment.config to deploy a mandatory config and how to use win32_directory to create a WMI filter to only deploy the file to systems where JRE is installed (note this can be done by using item-level targeting via the File preference), which is also very valuable.

Check out some of the settings that are found in deployment.properties.

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: