Java: a name that strikes annoyance into the hearts of sysadmins everywhere. With the recent rash of 0-day exploits affecting it, there has been a lot of media attention focused on patching Java. It can be said that many users spend more time patching Java than using it. Fortunately for Java, however, it doesn't get lonely: there's plenty of exploit code available to run right from the sketchy torrent site your users like to visit.
The most secure method of fixing this problem would be to disable Java entirely, but likely you are unable to do this without generating a ton of helpdesk calls / breaking internal applications. And for your admin systems, none of those legacy admin consoles will work any longer. (And by admin console, I mean Minecraft.)
For the rest of us, we need to patch Java. If you are relying on Java auto updates to sort this mess out: A) you are a brave soul B) systems on your network are sending me unsolicited offers of knock-off handbags as we speak.
There are many good solutions for patching Java, like <shameless plug> SolarWinds Patch Manager </shameless plug> but let's focus on step 1: finding out what systems on our network are vulnerable. If you have DameWare DRS installed, you can use the Exporter function to make this a quick and easy task.
First let's open Exporter, and select the machines we want to poll from the populated AD list (or import your own), and check "Software" under "Standard properties":
Then we change to CSV format, and export to a single file.
And let's start the fun:
Once complete, open the resulting CSV file in a spreadsheet application of your choosing, and we can locate any systems that may not be in compliance. The Excel geeks amongst us will note a pivot table would make short work of the analysis, but let's use a quick sort to find the machines with unpatched Oracle versions:
Compare the results against the latest Oracle security bulletin: http://www.oracle.com/technetwork/topics/security/alerts-086861.html
SPOILER ALERT: Virtually every version of 7 earlier than 7 U11 is impacted, and at the time of this writing there is at least one unpatched vulnerability.
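For larger exports, the sort-and-compare step can be scripted. The following is an added example, not part of the original post or of DameWare: it reads a software inventory CSV and flags Java 7 installs earlier than 7 U11, the threshold stated above. The column names `Machine` and `Software` and the sample rows are assumptions; adjust them to match the header row of your actual export.

```python
import csv
import io
import re

# Matches display names such as "Java 7 Update 9" or "Java(TM) 6 Update 31".
JAVA_NAME = re.compile(
    r"\bJava(?:\(TM\))?(?: SE (?:Development Kit|Runtime Environment))?"
    r" (\d+)(?: Update (\d+))?", re.IGNORECASE)

# From the post: versions of 7 earlier than 7 U11 are impacted.
AFFECTED_MAJOR, FIXED_UPDATE = 7, 11

def parse_java(name):
    """Return (major, update) for a Java display name, else None."""
    m = JAVA_NAME.search(name)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)  # no "Update N" means GA

def triage(csv_text, machine_col="Machine", software_col="Software"):
    """Split Java installs into 'vulnerable' (7 below U11) and 'review'."""
    result = {"vulnerable": [], "review": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        ver = parse_java(row.get(software_col) or "")
        if ver is None:
            continue  # not a Java entry (e.g. other software, JavaFX)
        major, update = ver
        entry = (row[machine_col].strip(), major, update)
        if major == AFFECTED_MAJOR and update < FIXED_UPDATE:
            result["vulnerable"].append(entry)
        elif major != AFFECTED_MAJOR:
            result["review"].append(entry)  # check against the Oracle bulletin
    return result

# Constructed sample export; column names are assumed, not DameWare's own.
SAMPLE = """Machine,Software
WS-001,Java 7 Update 9
WS-001,Adobe Reader XI
WS-002,Java(TM) 6 Update 31
WS-003,Java 7 Update 11
WS-004,Java(TM) 7 (64-bit)
"""

if __name__ == "__main__":
    report = triage(SAMPLE)
    for host, major, update in report["vulnerable"]:
        print(f"{host}: Java {major} Update {update} is earlier than 7 U11")
    for host, major, update in report["review"]:
        print(f"{host}: Java {major} Update {update}, compare with bulletin")
```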
Armed with this latest information, you can set about the fun task of remediating these errant systems, and your boss can stop asking you about this "Java thing." Just leave some extra time to fix all the apps the update just broke.
We feel your pain.