Avoid the latest Java Zero Day by upgrading to Java 7 today

If you have not ready up on the ZDNet and other posts regarding this exploit here is a link to an article talking in more depth.  If you are still on Java 6 you are vulnerable to this Java vulnerability.  Java 7 update 21 and earlier are also exposed.  There is an exploit kit available to hackers for $450 dollars.  They can purchase a way to exploit this vulnerability off the shelf.  This means it is past time to upgrade your Java runtime.

So, Shavlik Protect users, here are some easy steps to create a scan template to allow you to deployupgrade Java 7 update 25 to your machines to ensure they are up to date.

For users on Protect 9.0 the steps are as follows:

  1. Create a new Patch Group by clicking on the +New > Patch Group…
  2. Name the Patch Group “Java 7 Software Distribution”
  3. Click add and sort by QNumber column.  Select QJAVA7U25N and QJAVA7U25X64N and save the patch group.
  4. Click +New > Patch Scan Template… and name it Java 7 Software Distribution
  5. On the Filtering tab uncheck the Patch Type > Security Patches and Patch filter settings set to “Scan Selected” and click the “…” button and select the “Java 7 Software Distribution” patch group.
  6. Click on the “Software Distribution” tab and check the box to enable Software Distribution.  Save the scan template.
  7. Scan and Deploy the Java 7 update 25.

The best way to protect against this zero day is to eliminate the presence of Java 6 and this should be an easy way to do so.

Chris Goettl