Shaun Gorman
asked on
Protecting against Java zero-day vulnerability, and methods for patching or protecting non-Microsoft products
Hi,
the company I am with has received an email from TrendMicro talking up Java zero-day vulnerability saying disable Java until a patch comes out. Unless (hook) you install blah blah to protect yourself. We do run antivirus but it is a Trend product and they don't think it is good enough to protect against this threat.
My company has asked me to investigate.
Thoughts?
I would want to have a pretty good business case to warrant spending the money Trend are asking for the next level up.
I guess part of this question is what my attitude to patching other products like Java should be.
I am just implementing WSUS for Microsoft products but that doesn't patch anything other than Microsoft.
Any thoughts on patching Non-Microsoft products in general, and in particular what to do about the Java zero-day vulnerability in general?
Thanks in advance,
Shaun
the company I am with has received an email from TrendMicro talking up Java zero-day vulnerability saying disable Java until a patch comes out. Unless (hook) you install blah blah to protect yourself. We do run antivirus but it is a Trend product and they don't think it is good enough to protect against this threat.
My company has asked me to investigate.
Thoughts?
I would want to have a pretty good business case to warrant spending the money Trend are asking for the next level up.
I guess part of this question is what my attitude to patching other products like Java should be.
I am just implementing WSUS for Microsoft products but that doesn't patch anything other than Microsoft.
Any thoughts on patching Non-Microsoft products in general, and in particular what to do about the Java zero-day vulnerability in general?
Thanks in advance,
Shaun
ASKER
Hi again, I have been researching a little more and I have found Ninite Pro to manage a network for updates. It does Java and a heap of other things. It also does fresh installs and silent installs. Anyone had any luck with this program or any similar?
Thanks,
Shaun
Thanks,
Shaun
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
We would not want to to fall into Sony foot step
http://www.h-online.com/security/news/item/Sony-fined-Lb250-000-for-2011-PlayStation-Network-breach-Update-1790549.html
.....Access to the network was gained through a vulnerability and ICO found that the administrators of the network had previously failed to address the vulnerability despite the availability of updates that would have closed the hole.
http://www.h-online.com/security/news/item/Sony-fined-Lb250-000-for-2011-PlayStation-Network-breach-Update-1790549.html
.....Access to the network was gained through a vulnerability and ICO found that the administrators of the network had previously failed to address the vulnerability despite the availability of updates that would have closed the hole.
shaunwoy---If you need Java for company operations, install the latest
http://java.com/en/download/manual.jsp
Go to Control Panel|Java and then the Security tab. You will see a slider to increase security as well as a box to Enable/Disable Java.
If you do not need it, uninstall whatever Java now installed.
The web media offer lots of articles that say some malware vulnerabilities are still present in the Java 7 update 11. So you have to choose.
http://java.com/en/download/manual.jsp
Go to Control Panel|Java and then the Security tab. You will see a slider to increase security as well as a box to Enable/Disable Java.
If you do not need it, uninstall whatever Java now installed.
The web media offer lots of articles that say some malware vulnerabilities are still present in the Java 7 update 11. So you have to choose.
ASKER
Thanks jcimarron,
We do need it and as it happens on servers. And the more I read up on it seems the latest update has the vulnerability and sadly the software for Avamar doesn't run without the latest version.
We do need it and as it happens on servers. And the more I read up on it seems the latest update has the vulnerability and sadly the software for Avamar doesn't run without the latest version.
ASKER
http://itguru82-sccm.blogspot.co.uk/2012/08/java-updates-using-wsussccm.html
It seems like a bit of a job though.
I have used Kaseya and ManageEngine before but they are clunky things to use and don't always work that well for patch management.
Any thoughts on patch management vs Antivirus and Firewall protection?
Thanks,
Shaun