topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Monday March 18, 2024, 10:29 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Java - Critical Patch Released  (Read 7127 times)

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Java - Critical Patch Released
« on: February 04, 2013, 07:03 PM »
Forget the Super Bowl. Critical Java patch released; update now

Oracle has released a critical Java update that fixes more than 50 security vulnerabilities. Considering the ruckus over the past fortnight, along with repeated warnings from the U.S. Dept. of Homeland Security, you should update Java as soon as possible.

http://www.zdnet.com...pdate-now-7000010732

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Java - Critical Patch Released
« Reply #1 on: February 05, 2013, 12:33 AM »
Thanks for the heads up.

On a related note, the PortableApps.com packaging of JRE seemed up-to-date already:

  http://portableapps.com/apps/utilities/java_portable

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Java - Critical Patch Released
« Reply #2 on: February 10, 2013, 03:21 AM »
Thanks for this alert.
I took the opportunity to expunge all the Java-related crud (there was a lot of it) that I had accumulated on my laptop, and install the latest release and runtime environment in a relatively clean fashion. I hope I don't regret doing that, but then I reckoned (rightly or wrongly) that all that old Java stuff could have been a potential risk if I had left it in situ.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Java - Critical Patch Released
« Reply #3 on: February 10, 2013, 09:17 AM »
Thanks for this alert.
I took the opportunity to expunge all the Java-related crud (there was a lot of it) that I had accumulated on my laptop, and install the latest release and runtime environment in a relatively clean fashion. I hope I don't regret doing that, but then I reckoned (rightly or wrongly) that all that old Java stuff could have been a potential risk if I had left it in situ.

You reckoned correctly.  :) :Thmbsup:

Per Oracle on their Why should I uninstall older versions of Java from my system? page

The latest version of Java is always the recommended version as it contains feature updates, vulnerability fixes and performance improvements to previous versions. You can confirm that you have the latest version by visiting the Java Verification page.

Over time, you may have installed multiple versions of Java to run available Java content. In the past, each Java update was installed in a separate directory on your system. However, Java updates are now installed in a single directory.

Should I uninstall older versions of Java?

We highly recommend users uninstall all older versions of Java from your system.
Keeping old and unsupported versions of Java on your system presents a serious security risk.
Uninstalling older versions of Java from your system ensures that Java applications will run with the most up-to-date security and performance improvements on your system.

You can always use a nice little free utility by SingularLabs called JavaRa to help you maintain Java Runtime on your system. Recommended! :up: :up:

JavaRa.jpg

JavaRa

JavaRa is an effective way to deploy, update and remove the Java Runtime Environment (JRE). Its most significant feature is the JRE Removal tool; which forcibly deletes files, directories and registry keys associated with the JRE. This can assist in repairing or removing Java when other methods fail.

 8)

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: Java - Critical Patch Released
« Reply #4 on: February 10, 2013, 09:24 AM »
40hz, have you used JavaRa?  It sounds useful, but I'd like to know that it won't create problems (e.g., wrong removals from the Registry).  I'd feel more comfortable installing and using it if I knew that you and/or other DC folks had some good experiences with it.  Perhaps I should change my username from cyberdiva to Nervous Nelly  :( 

Krishean

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 75
  • I like pie
    • View Profile
    • Draconis Labs
    • Donate to Member
Re: Java - Critical Patch Released
« Reply #5 on: February 10, 2013, 09:34 AM »
DO NOT USE JavaRa it will break JavaScript in IE (and any embedded browsers that applications use) by deleting registry keys unrelated to Java. It goes after some of the things in the registry that just have java in the name, but are actually part of JavaScript. I found this out the hard way. the specific keys are:

HKCR\JavaScript
HKCR\JavaScript Author
HKCR\JavaScript1.1
HKCR\JavaScript1.1 Author
HKCR\JavaScript1.2
HKCR\JavaScript1.2 Author

Looks like this has been fixed since then: http://forums.lunars...avara-116-now-fixed/
Any sufficiently advanced technology is indistinguishable from magic.

- Arthur C. Clarke

Krishean

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 75
  • I like pie
    • View Profile
    • Draconis Labs
    • Donate to Member
Re: Java - Critical Patch Released
« Reply #6 on: February 10, 2013, 09:45 AM »
I have a batch script that attempts to purge java from your system, and cleanly install whatever version you specify, just place the scripts in the same directory as the JRE installers downloaded from here: http://www.oracle.co...downloads/index.html and update the variables at the top to match whatever version you are installing. This also works when installing from network shares.

install-java.bat:
Code: Text [Select]
  1. @echo off
  2. rem set product=jre6
  3. rem set version=6u39
  4. set product=jre7
  5. set version=7u13
  6. set base=%~dp0
  7. cls
  8. title Java %version% Installer
  9. set /P auth=Continue? (Y/N):
  10. if /I "%auth%" NEQ "Y" goto end
  11. cls
  12. title Removing old versions...
  13. echo Please wait...
  14. cscript /nologo "%base%remove-java.js"
  15.  
  16. ver | find "Version 6." >nul
  17. if "%errorlevel%" == "0" goto v6
  18. ver | find "Version 5." >nul
  19. if "%errorlevel%" == "0" goto v5
  20. echo Unsupported Operating System
  21. pause
  22. exit
  23. rem process folders specific to vista/7
  24. :v6
  25. if exist "%SystemDrive%\Users" (
  26.         setlocal EnableDelayedExpansion
  27.         set ProfileDir=%SystemDrive%\Users
  28.         for /f "tokens=*" %%a in ('dir /b "!ProfileDir!"') do (
  29.                 if exist "!ProfileDir!\%%a\AppData\LocalLow\Sun" (
  30.                         echo.Removing "!ProfileDir!\%%a\AppData\LocalLow\Sun"
  31.                         rmdir /s /q "!ProfileDir!\%%a\AppData\LocalLow\Sun"
  32.                 )
  33.         )
  34.         endlocal
  35. )
  36. if exist "%userprofile%\AppData\LocalLow\Sun" (
  37.         echo.Removing "%userprofile%\AppData\LocalLow\Sun"
  38.         rmdir /s /q "%userprofile%\AppData\LocalLow\Sun"
  39. )
  40. if exist "%SystemDrive%\ProgramData\Sun" (
  41.         echo.Removing "%SystemDrive%\ProgramData\Sun"
  42.         rmdir /s /q "%SystemDrive%\ProgramData\Sun"
  43. )
  44. goto common
  45. rem process folders specific to xp
  46. :v5
  47. if exist "%SystemDrive%\Documents and Settings" (
  48.         setlocal EnableDelayedExpansion
  49.         set ProfileDir=%SystemDrive%\Documents and Settings
  50.         for /f "tokens=*" %%a in ('dir /b "!ProfileDir!"') do (
  51.                 if exist "!ProfileDir!\%%a\Application Data\Sun" (
  52.                         echo.Removing "!ProfileDir!\%%a\Application Data\Sun"
  53.                         rmdir /s /q "!ProfileDir!\%%a\Application Data\Sun"
  54.                 )
  55.         )
  56.         endlocal
  57. )
  58. if exist "%userprofile%\Application Data\Sun" (
  59.         echo.Removing "%userprofile%\Application Data\Sun"
  60.         rmdir /s /q "%userprofile%\Application Data\Sun"
  61. )
  62. :common
  63. if exist "%SystemRoot%\Sun" (
  64.         echo.Removing "%SystemRoot%\Sun"
  65.         rmdir /s /q "%SystemRoot%\Sun"
  66. )
  67. set dj1=%SystemRoot%\system32\deployJava1.dll
  68. if exist "%dj1%" (
  69.         echo.Removing "%dj1%"
  70.         regsvr32 /s /u "%dj1%"
  71.         del /f /q "%dj1%"
  72. )
  73. set npdj1=%SystemRoot%\system32\npdeployJava1.dll
  74. if exist "%npdj1%" (
  75.         echo.Removing "%npdj1%"
  76.         del /f /q "%npdj1%"
  77. )
  78.  
  79. title Java %version% Installing...
  80. rem We always install the x86 version of Java. Note the order of installation. If x86 is installed before x64 some x86 apps do not work.
  81. rem This can be remedied by reinstalling the x86 version, but why encounter the problem? Just install x64 before x86 versions of Java.
  82. if "%PROCESSOR_ARCHITECTURE%"=="amd64" goto x64
  83. if "%PROCESSOR_ARCHITEW6432%"=="amd64" goto x64
  84. :x86
  85. "%base%jre-%version%-windows-i586.exe" /s REBOOT=Suppress IEXPLORER=1 MOZILLA=1
  86. goto clean
  87. :x64
  88. "%base%jre-%version%-windows-x64.exe" /s REBOOT=Suppress IEXPLORER=1 MOZILLA=1
  89. goto x86
  90. :clean
  91. title Cleaning up...
  92. rem remove Java Quick Starter
  93. rem sc stop JavaQuickStarterService
  94. rem sc delete JavaQuickStarterService
  95. net stop JavaQuickStarterService
  96. if exist "%ProgramFiles%\Java\%product%\bin\jqs.exe" "%ProgramFiles%\Java\%product%\bin\jqs.exe" -unregister
  97. if exist "%ProgramFiles(x86)%\Java\%product%\bin\jqs.exe" "%ProgramFiles(x86)%\Java\%product%\bin\jqs.exe" -unregister
  98. rem Remove Java Auto Updater software
  99. msiexec /qn /x {4A03706F-666A-4037-7777-5F2748764D10}
  100. title Java %version% Installed.
  101. pause
  102. :end
  103. @exit

and the accompanying javascript, remove-java.js:
Code: Javascript [Select]
  1. function echo(a){return WScript.Echo(a);}
  2. function exit(a){return WScript.Quit(a);}
  3.  
  4. var Registry=(function(){
  5.        
  6. //      this.HKEY_CLASSES_ROOT          = 0x80000000;
  7. //      this.HKEY_CURRENT_USER          = 0x80000001;
  8.         this.HKEY_LOCAL_MACHINE         = 0x80000002;
  9. //      this.HKEY_USERS                 = 0x80000003;
  10. //      this.HKEY_CURRENT_CONFIG        = 0x80000005;
  11.        
  12. //      this.Types = new Array(
  13. //          '                              ',    // 0
  14. //          'REG_SZ                        ',    // 1
  15. //          'REG_EXPAND_SZ                 ',    // 2
  16. //          'REG_BINARY                    ',    // 3
  17. //          'REG_DWORD                     ',    // 4
  18. //          'REG_DWORD_BIG_ENDIAN          ',    // 5
  19. //          'REG_LINK                      ',    // 6
  20. //          'REG_MULTI_SZ                  ',    // 7
  21. //          'REG_RESOURCE_LIST             ',    // 8
  22. //          'REG_FULL_RESOURCE_DESCRIPTOR  ',    // 9
  23. //          'REG_RESOURCE_REQUIREMENTS_LIST',    // 10
  24. //          'REG_QWORD                    ');    // 11
  25.        
  26.         this.oRegistry=GetObject('winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default:StdRegProv');
  27.         this.Exec=function(method,hkey,sRegPath,sValueName){
  28.                 var oMethod = this.oRegistry.Methods_(method);
  29.                 var oInParam = oMethod.InParameters.SpawnInstance_();
  30.                 oInParam.hDefKey = hkey;
  31.                 oInParam.sSubKeyName = sRegPath;
  32.                 if(sValueName != null)oInParam.sValueName = sValueName;
  33.                 return this.oRegistry.ExecMethod_(oMethod.Name, oInParam);
  34.         };
  35.         this.EnumKey=function(sRegPath){
  36.                 var oOutParam = this.Exec('EnumKey', this.HKEY_LOCAL_MACHINE, sRegPath);
  37.                 return oOutParam.sNames.toArray();
  38.         };
  39.         this.EnumValues=function(sRegPath){
  40.                 var oOutParam = this.Exec('EnumValues', this.HKEY_LOCAL_MACHINE, sRegPath);
  41.                 var aNames = oOutParam.sNames.toArray();
  42.                 var aTypes = oOutParam.Types.toArray();
  43.                 var ret=[];
  44.                 for(var i=0;i<aNames.length;i++){
  45.                         ret.push({'Name': aNames[i], 'Type': aTypes[i]});
  46.                 }
  47.                 return ret;
  48.         };
  49. //      this.GetDWORDValue=function(sRegPath,sValueName){
  50. //              var oOutParam = this.Exec('GetDWORDValue', this.HKEY_LOCAL_MACHINE, sRegPath, sValueName);
  51. //              return oOutParam.uValue;
  52. //      };
  53. //      this.GetExpandedStringValue=function(sRegPath,sValueName){
  54. //              var oOutParam = this.Exec('GetExpandedStringValue', this.HKEY_LOCAL_MACHINE, sRegPath, sValueName);
  55. //              return oOutParam.sValue;
  56. //      };
  57.         this.GetStringValue=function(sRegPath,sValueName){
  58.                 var oOutParam = this.Exec('GetStringValue', this.HKEY_LOCAL_MACHINE, sRegPath, sValueName);
  59.                 return oOutParam.sValue;
  60.         };
  61.         return this;
  62. })();
  63.  
  64. exit(main());
  65. function main(){
  66.        
  67.         var wshell=WScript.CreateObject('WScript.Shell');
  68.        
  69.         //echo(Registry.EnumKey(sRegPath).join('\n'));
  70.        
  71.         var sRegPath = 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall';
  72.         try{
  73.                 var items = Registry.EnumKey(sRegPath);
  74.         }catch(err){
  75.                 var items = [];
  76.         }
  77.         for(var i=0;i<items.length;i++){
  78.                 //echo(items[i]);
  79.                 try{
  80.                         var props = Registry.EnumValues(sRegPath+'\\'+items[i]);
  81.                 }catch(err){
  82.                         var props = [];
  83.                 }
  84.                 for(var j=0;j<props.length;j++){
  85.                         if(props[j].Name == 'DisplayName'){
  86.                                 var value = Registry.GetStringValue(sRegPath+'\\'+items[i], props[j].Name);
  87.                                 // jre6 and jre7, older versions have to be manually dealt with
  88.                                 if((/^Java(\(TM\))? \d( Update \d+)?$/).test(value)){
  89.                                         wshell.Run('msiexec /qn /norestart /x '+items[i],0,true);
  90.                                 }
  91.                         }
  92.                        
  93.                         /*var v=props[j].Type;
  94.                         switch(props[j].Type){
  95.                                 case 1:
  96.                                         v=Registry.GetStringValue(sRegPath+'\\'+items[i],props[j].Name);
  97.                                         break;
  98.                                 case 2:
  99.                                         v=Registry.GetExpandedStringValue(sRegPath+'\\'+items[i],props[j].Name);
  100.                                         break;
  101.                                 case 4:
  102.                                         v=Registry.GetDWORDValue(sRegPath+'\\'+items[i],props[j].Name);
  103.                                         break;
  104.                                 default:break;
  105.                         }
  106.                         //echo('\t'+props[j].Name + ': ' + v);
  107.                        
  108.                         if(props[j].Name == 'DisplayName' && typeof(v)=='string' &&
  109.                             // jre6 and jre7, older versions have to be manually dealt with
  110.                             (/^Java\(TM\) \d( Update \d+)?$/).test(v)){
  111.                                 echo('msiexec /qn /norestart /x '+items[i]);
  112.                         }*/
  113.                 }
  114.                
  115.         }
  116.        
  117.         // handle 32-bit software installed on a 64-bit system
  118.         var sRegPath = 'SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall';
  119.         try{
  120.                 var items = Registry.EnumKey(sRegPath);
  121.         }catch(err){
  122.                 var items = [];
  123.         }
  124.         for(var i=0;i<items.length;i++){
  125.                 try{
  126.                         var props = Registry.EnumValues(sRegPath+'\\'+items[i]);
  127.                 }catch(err){
  128.                         var props = [];
  129.                 }
  130.                 for(var j=0;j<props.length;j++){
  131.                         if(props[j].Name == 'DisplayName'){
  132.                                 var value = Registry.GetStringValue(sRegPath+'\\'+items[i], props[j].Name);
  133.                                 // jre6 and jre7, older versions have to be manually dealt with
  134.                                 if((/^Java\(TM\) \d( Update \d+)?$/).test(value)){
  135.                                         wshell.Run('msiexec /qn /norestart /x '+items[i],0,true);
  136.                                 }
  137.                         }
  138.                 }
  139.         }
  140.        
  141.         return 0;
  142.        
  143. //      var wmi=GetObject('winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2');
  144. //      var query='SELECT * FROM Win32_Product';
  145. //      //var query='SELECT * FROM Win32_PhysicalMemory';
  146. //      var en=new Enumerator(wmi.ExecQuery(query));
  147. //      for(en.moveFirst();!en.atEnd();en.moveNext()){
  148. //              var itm = en.item();
  149. //              echo('Name: '+itm.Name);
  150. //              /*var props = new Enumerator(itm.Properties_);
  151. //              for(props.moveFirst();!props.atEnd();props.moveNext()){
  152. //                      var p = props.item();
  153. //                      echo(p.Name + ': ' + p.Value);
  154. //              }*/
  155. //      }
  156. //      return 0;
  157. }
Any sufficiently advanced technology is indistinguishable from magic.

- Arthur C. Clarke

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Java - Critical Patch Released
« Reply #7 on: February 10, 2013, 02:36 PM »
40hz, have you used JavaRa?  It sounds useful, but I'd like to know that it won't create problems (e.g., wrong removals from the Registry).  I'd feel more comfortable installing and using it if I knew that you and/or other DC folks had some good experiences with it.  Perhaps I should change my username from cyberdiva to Nervous Nelly  :(  

@CD- Nope. Maybe Smart Lady but certainly not Nervous Nelly. ;D

And yes, I use it. I don't recommend anything I don't have direct experience with. If I've only read or heard about something - and I'm passing it on as an FYI - I'll always say so.  :Thmbsup:

The new version of JavaRa uses a database and an updater to stay on top of what Oracle gets up to with new Java releases. I haven't had any problems using it either on my own systems or those of my clients.

But it's mostly a convenience tool. You could always just uninstall any old versions of the JRE through Windows' own add/remove programs control panel - and then download and install the newest version from Oracle.

Where JavaRa really does sing, however, is when the JRE balks at being uninstalled. Or if fails to uninstall cleanly - as some versions occasionally do on some machines. JavaRa has the option to scrub out all things JRE,  leaving you with a clean slate to put a fresh copy on.

It's like what's been said about tennis racquets - you don't often need one... but when you do, there's really no direct substitute.

Although now that Krishean has been kind enough to share that script I guess that isn't the case any more. :)

-----
@ Krishean - thx for sharing that. Looks useful. And an interesting script to read through too. :Thmbsup:

« Last Edit: February 10, 2013, 02:41 PM by 40hz »

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: Java - Critical Patch Released
« Reply #8 on: February 10, 2013, 05:54 PM »
Thanks very much, Krishean and 40hz.  I've decided that for now, I don't need JavaRa.   However, I'm glad to know about your script, Krishean. 

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
More Java Patches Due Soon
« Reply #9 on: February 10, 2013, 06:10 PM »
More Java Patches Due Soon

Oracle isn't done releasing patches for Java SE this month, as another batch will arrive on February 19, according to a company blog post.

http://www.pcworld.c...atches-due-soon.html