Welcome to the BigFix Blog, where you can read perspectives from network and service assurance experts. This blog provides insights into the endpoint management solution, as well as technical details about specific IBM products.
There's currently no known patch for the problem, and the only mitigation is to disable or uninstall Java on endpoints. We just wanted to point out that, by default, BigFix users already have a good way of disabling Java for IE: the Windows Registry Wizard that comes with all deployments. We wanted to give our users a quick overview of how to use the wizard to disable Java for IE in light of this zero-day exploit. Keep in mind this doesn't disable Java completely on the endpoint, but it should disable it in IE.
If you look online, there are plenty of ways of disabling Java:
A setting of 0 disables javascript and a setting of 1 re-enables it.
Here's a screenshot of the registry wizard (under All Content -> Wizards -> Windows Registry Wizard):
After you indicate that you want to specify a registry value and choose which platforms you want the task to run on, all you have to do is enter the right information in the wizard, like so:
And out pops a task ready to disable Java for IE on your endpoints:
In this example an older Java version was used in the regkey, but the same process will apply to the latest Java stuff (the latest JRE version is 10.10.2).
Of course, when an actual patch for this exploit comes out we will create content for this patch. Hopefully this helps folks!