navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: EMET and Sun/Oracle Java installer

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
libove EMET and Sun/Oracle Java installer
Member 17th Jun, 2011 09:36
Ranking: 31
Posts: 71
User Since: 12th Feb, 2008
System Score: N/A
Location: N/A
This is just an FYI for anyone who has trouble installing or updating Sun/Oracle Java (whether manually or via PSI or other automated tools).

Some Java Runtime installers (for example, JRE 6u26 32-bit, but not JRE 6u26 64-bit) crash on systems with Microsoft's Enhanced Mitigation Experience Toolkit (EMET) with very little indication of why, and nothing logged to show you that EMET was involved. I've not debugged it all the way down to a specific EMET setting, but I think that the JRE installer trips on systemwide enforced DEP protection.

So, if you can't get Java to install/update, and your experience is that the Java installer simply stops (and then, maybe, you get a "This app might not have installed correctly" popup), check whether you have EMET installed on your system with mandatory enforcement of the various protections.

I'm conservative from a security point of view - meaning that I tend to prefer a little more security even in the face of some usability challenges (*some* challenges, not an unlimited quantity!). So I run EMET and I set it to be as locked down as it can be. This means that, irregularly but definitely on several Java versions/updates, I've hit this problem.

I hope that this entry helps someone who runs in to the Java installer EMET wall, and saves them some of the time that I've wasted more than once until I remembered the situation :-)

Cheers,
Jay Libove, CISSP, CIPP, CIPP/IT, CISM

Anthony Wells RE: EMET and Sun/Oracle Java installer
Expert Contributor 17th Jun, 2011 14:59
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Jay ,

I was making sure that there were no problems using the PSI's prompted auto-update of JRE update 26 32 bit on my XP SP3 and the system "looped?!" out at "waiting to complete" ; so after some 24 hours and fiddling now and then I ran the manual update from the Java website successfully , but had to reset the PSI which had display problems , as per my first post here :-

http://secunia.com/community/forum/thread/show/951...

I do not use EMET (atm) but I have DEP set to "all programmes and services" (my translation from French) . I don't know if that helps you with your research .

Thanks for the input , much appreciated in that even I could understand it :))

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+