Secunia
Relating to this vendor: Oracle Corporation |
And, this specific program: Oracle Java JRE 1.7.x / 7.x |
| taffy078 | insecure but still waiting for "scheduled update" |
|---|---|
9th May, 2012 18:22 |
Ranking: 399 Posts: 1,200 User Since: 26th Feb, 2009 System Score: 100% Location: UK |
Hi. After having installed 19 Microsoft updates on my XP desktop, I checked my Win7 laptop. There were only a couple so I installed them. Then PSI scanned and reported that both of my Oracle Java programs were vulnerable - it showed I had v 7.0.10.8 and v.7.0.20.13 (64 bit). Both were showing as "update scheduled". But that was at 7 am UK time. It's now 5.15 pm and they haven't been updated. Is there a problem that has stopped the automatic update process or do I simply not understand how the automatic updates are run? -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
| mogs | RE: insecure but still waiting for "scheduled update" | ||||||||
9th May, 2012 21:34 | ||||||||
| Score: 2163 Posts: 5,916 User Since: 22nd Apr 2009 System Score: 100% Location: UK |
Hello taffy ! As follows is a copy/note I kept of a reply to a similar question :- The Auto-updates are scheduled as soon as the PSI becomes aware that you are missing a patch (ie. when you run scan). However, to prevent the PSI from disturbing your workflow, it will perform a check before installing: such as whether or not the program is running, or a certain file is locked. This should prevent auto-updates from interfering with normal program usage. Hope this helps. Kind regards, Emil R. Petersen Could it be that you've had the program in use ? -- |
| tingwing | RE: insecure but still waiting for "scheduled update" | ||||||||
10th May, 2012 03:38 | ||||||||
| Score: 0 Posts: 1 User Since: 10th May 2012 System Score: N/A Location: CN |
thank you... | ||||||||
| taffy078 | RE: insecure but still waiting for "scheduled update" | ||||||||
10th May, 2012 09:05 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
Hi Mogs. How are you? Bored now that the snow has gone?!! ;o) I've just powered up my laptop - still no updates. I know from many earlier occasions here that the older JRE stuff should still be there because older programs might still use them; they will have had any earlier vulnerabilities corrected. I also recall some weeks ago that a JRE update appeared in a FileHippo Update check; it may have been these. But they were shown as 'for use by developers', weren't security risks and so didn't get picked up by PSI. My problem is that I've no idea what program(s) use(s) this JRE. The only program that was running yesterday and also now is PSI. Does PSI use this JRE? If not, how can I check which of my programs use it, please? -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
| Maurice Joyce | RE: insecure but still waiting for "scheduled update" | ||||||||
10th May, 2012 10:27 | ||||||||
| Score: 10542 Posts: 8,120 User Since: 4th Jan 2009 System Score: 100% Location: UK Last edited on 10th May, 2012 10:28 |
U should not be storing old versions of JAVA on a PC. See this & note the Oracle advice in red ink. http://java.com/en/download/faq/remove_olderversio... Why have U got JAVA installed? It is not required by Windows. If a programme ever requires it a warning will appear on the screen notifying U to install it. Secunia OSI uses JAVA as does Open Office. As an example, I have not had JAVA installed for years. At no time have I ever been requested to install JAVA to use or see something except the odd test with OSI. Entirely a personal choice but my advice would be to purge JAVA from a PC & see what happens. Many good Security minded vendors are supporting this excellent advice: http://krebsonsecurity.com/2010/10/java-a-gift-to-... Hope this helps & excuse spelling edit. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 SP1 16GB RAM |
| taffy078 | RE: insecure but still waiting for "scheduled update" | ||||||||
11th May, 2012 09:58 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK Last edited on 11th May, 2012 09:59 |
Thank you Maurice. My Java problems also happened last October & November: http://secunia.com/community/forum/thread/show/116... http://secunia.com/community/forum/thread/show/117... (This thread opened a can of worms, especially re the FileHippo Update Checker. It was recommending updating to v7 which at that time was effectively a beta version although not flagged as such. And it was on their forum and others that I saw that keeping older versions of JRE was sometimes necessary.) However, I will follow your advice. I will remove Java using Revo and see what other programs subsequently demand that I need it! Fingers crossed yet again. -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
| mogs | RE: insecure but still waiting for "scheduled update" | ||||||||
11th May, 2012 10:10 | ||||||||
| Score: 2163 Posts: 5,916 User Since: 22nd Apr 2009 System Score: 100% Location: UK |
@taffy Morning ! I didn't answer as soon as able, as Maurice had given you a full reply. I too have managed without Java for some considerable time...and haven't missed it. By far the most "dangerous" prog. to be using. Just in the last few days put another post on CClips concerning....you may have read post 48 this month ? :- So many recent exploits have used Java as their attack vector, you might conclude Java should be shown the exit Have done a few miles since the snows.....close shaves most mornings as well !! -- |
| Maurice Joyce | RE: insecure but still waiting for "scheduled update" | ||||||||
11th May, 2012 10:25 | ||||||||
| Score: 10542 Posts: 8,120 User Since: 4th Jan 2009 System Score: 100% Location: UK Last edited on 11th May, 2012 10:26 |
As a test on what happens try pressing the OSI scan button. Just click Cancel to the information box but do not download JAVA. That will give U a clue as to what happens when a programme "calls on" JAVA to work in the future. Did U use Revo Pro traced method? If not some JAVA elements may remain. Right click start>Open Windows Explorer>C>Program Files>Common Files & look for Sun then look in Program Files>Sun Do the same in Program Files(x86) Right click & delete any Sun or Java entries. Although U should not see any entries DO NOT get confused & delete anything named JAVASCRIPT. U are now perfectly safe so the above actions are a minor clean up operation that can be ignored. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 SP1 16GB RAM |
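
A read-only way to answer the two practical questions raised in this thread, which running programs currently have Java loaded and whether any Sun or Java folders remain after removal; it is added here as an example and was not written by any of the posters. It assumes PowerShell 3.0 or later and the default JRE install location under Program Files\Java.

```powershell
# Added example: read-only inventory, nothing is modified or deleted.
# Assumption: the JRE sits in its default location under "Program Files\Java".
# Run from an elevated 64-bit PowerShell so other processes' modules are readable.

# 1. Java entries registered with Windows (64-bit and 32-bit uninstall keys).
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^Java(?!Script)' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation

# 2. Running processes that have a JRE file loaded. The reply quoted in the
#    thread says PSI checks for a running program or locked file before updating.
$inUse = foreach ($proc in Get-Process) {
    try {
        $mods = @($proc.Modules | Where-Object {
            $_.ModuleName -eq 'jvm.dll' -or $_.FileName -match '\\Java\\jre'
        })
    } catch {
        continue   # protected process or access denied: skip it
    }
    if ($mods.Count -gt 0) {
        [pscustomobject]@{
            Process = $proc.ProcessName
            Id      = $proc.Id
            Modules = ($mods.ModuleName | Sort-Object -Unique) -join ', '
        }
    }
}

# 3. Folders that can remain after an uninstall (the "Sun" and "Java" entries
#    under Program Files and Common Files mentioned in the thread).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$leftovers = foreach ($root in $roots) {
    foreach ($sub in 'Java', 'Sun', 'Common Files\Java', 'Common Files\Sun') {
        $path = Join-Path $root $sub
        if (Test-Path -LiteralPath $path) { $path }
    }
}

'Installed Java entries:';          $installed | Format-Table -AutoSize
'Processes with JRE files loaded:'; $inUse     | Format-Table -AutoSize
'Folders to review:';               $leftovers
```

An empty second list means no running process the current user can inspect has a JRE file loaded at that moment; it does not show which installed programs would start Java later.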