Java Zero Day: Disable Java on IE with the Windows Registry Wizard
liuhoting 270004JWWE Comment (1) Visits (15469)
Currently there is an active zero day Java exploit out in the wild:
There's currently no known patch to the problem and the only mitigation is to disable or uninstall java on endpoints. We just wanted to point out that by default, BigFix users already have a good way of disabling Java for IE via taking advantage of the Windows Registry Wizard that comes with all deployments. We wanted to give our users a quick overview of how to use the wizard to disable java for IE in light of this zero day exploit. Keep in mind this doesn't disable java completely on the endpoint but it should disable it in IE.
If you look online there's plenty of ways of disabling java:
What we're going to do is tweak these registry key settings:
Here's a screenshot of the registry wizard: (under All Content -> Wizards -> Windows Registry Wizard)
After you specify that you want to specify a registry value and you've specified what platforms you want the task to run on, all you have to do is enter the right information in the wizard like so:
And out pops a task ready to disable java for IE for your endpoints:
In this example an older java version was used in the regkey but the same process will apply to the latest Java stuff (the latest jre version is 10.10.2).
Of course, when an actual patch for this exploit comes out we will create content for this patch. Hopefully this helps folks!