Hi Team
We are working Java Vulnerability but I'm not able to find the correct relevance for the fixlet for Java jdk
I'm trying to Upgrade the JDK to Current Version could you help on the same
Action script
prefetch 47d78b1f2dcd2242cb120f7b9c2a6e53637cef12 sha1:47d78b1f2dcd2242cb120f7b9c2a6e53637cef12 size:208077715 http://bigfix-sfo.internal.salesforce.com:52311/Uploads/47d78b1f2dcd2242cb120f7b9c2a6e53637cef12/jdk-8u231-windows-i586.exe.tmp sha256:4869eb52906794275afe5b8519fc31537518b28238b1c58ca1cda30002c7a06d
extract 47d78b1f2dcd2242cb120f7b9c2a6e53637cef12
prefetch b2bb957e6d1f116895e9848fdfb9edf4373895b2 sha1:b2bb957e6d1f116895e9848fdfb9edf4373895b2 size:41213 http://bigfix-sfo.internal.salesforce.com:52311/Uploads/b2bb957e6d1f116895e9848fdfb9edf4373895b2/msizap.exe.tmp sha256:ce1c087eb8eaa86dfe720cdaed25124d405452ab72ff4a9e44d9d1beff42de34
extract b2bb957e6d1f116895e9848fdfb9edf4373895b2
parameter "javaexe" = "jdk-8u231-windows-i586.exe"
delete "{pathname of windows folder & "\Temp\msizap.exe"}"
copy "{(pathname of client folder of current site) & "\__Download\msizap.exe"}" "{pathname of windows folder & "\Temp\msizap.exe"}"
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill java /a" else "taskkill /F /IM java.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill javaw /a" else "taskkill /F /IM javaw.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill javaws /a" else "taskkill /F /IM javaws.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill iexplore /a" else "taskkill /F /IM iexplore.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill firefox /a" else "taskkill /F /IM firefox.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill Chrome /a" else "taskkill /F /IM chrome.exe"}
//delete __appendfile
appendfile @ECHO OFF
appendfile {concatenation "%0d%0a" of ((("start /w msiexec /X " & name of it as string & " /QN /NORESTART") of keys whose (((value "DisplayName" of it as string as lowercase starts with "java" or value "DisplayName" of it as string as lowercase starts with "j2se runtime environment" ) and((value "DisplayName" of it as string as lowercase contains "development kit" or value "DisplayName" of it as string as lowercase contains "sdk" or value "DisplayName" of it as string as lowercase contains "jdk")) and (name of it starts with "{"))) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)as string)}
delete uninstallJRE.bat
copy __appendfile uninstallJRE.bat
run "{pathname of client folder of site "BESSupport"}\RunQuiet.exe" uninstallJRE.bat
parameter "start6" = "{now}"
pause while {now < ( (( parameter "start6" of action ) as time ) + 10* second)}
parameter "start3" = "{now}"
pause while {now < ( (( parameter "start3" of action ) as time ) + 300* second) and (exists running application whose (name of it = ("cmd.exe")))}
if {(exists running application "cmd.exe")}
waithidden taskkill /F /IM cmd.exe
waithidden taskkill /F /IM msiexec.exe
endif
if {exists keys whose (((value "DisplayName" of it as string as lowercase starts with "java" or value "DisplayName" of it as string as lowercase starts with "j2se runtime environment" ) and((value "DisplayName" of it as string as lowercase contains "development kit" or value "DisplayName" of it as string as lowercase contains "sdk" or value "DisplayName" of it as string as lowercase contains "jdk")) and (name of it starts with "{"))) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry}
delete __appendfile
appendfile @ECHO OFF
//Run MSI zap on the GUIDS
appendfile {concatenation "%0d%0a" of ((("start /w c:\windows\temp\msizap.exe T " & name of it as string) of keys whose (((value "DisplayName" of it as string as lowercase contains "development kit" or value "DisplayName" of it as string as lowercase contains "sdk" or value "DisplayName" of it as string as lowercase contains "jdk")) and (name of it starts with "{"))) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)as string)}
//Remove Java Directories
//if {exists value "INSTALLDIR" of keys of keys of key "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment" of registry}
//appendfile {concatenation "%0d%0a" of ((("rd /q /s " & "%22" & value "INSTALLDIR" of it as string & "%22") of keys of keys of key "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment" of registry)as string)}
//endif
appendfile rd /q /s "C:\Program Files (x86)\Java"
appendfile rmdir "C:\Program Files (x86)\Java" /s /q
delete uninstallJRE2.bat
copy __appendfile uninstallJRE2.bat
delete __appendfile
appendfile REGEDIT4
appendfile [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft]
appendfile [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JreMetrics]
//delete uninstall key
appendfile {concatenation "%0d%0a" of ((("[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & name of it as string & "]") of keys whose (((value "DisplayName" of it as string as lowercase contains "development kit" or value "DisplayName" of it as string as lowercase contains "sdk" or value "DisplayName" of it as string as lowercase contains "jdk")) and (name of it starts with "{"))) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)as string)}
//regdelete [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft]
delete sfdcreg.reg
copy __appendfile sfdcreg.reg
run "{pathname of client folder of site "BESSupport"}\RunQuiet.exe" uninstallJRE2.bat
parameter "start5" = "{now}"
pause while {now < ( (( parameter "start5" of action ) as time ) + 10* second)}
parameter "start4" = "{now}"
pause while {now < ( (( parameter "start4" of action ) as time ) + 300* second) and (exists running application whose (name of it = "cmd.exe"))}
if {(exists running application "cmd.exe")}
waithidden taskkill /F /IM cmd.exe
waithidden taskkill /F /IM msiexec.exe
endif
Action uses wow64 redirection false
wait regedit -s sfdcreg.reg
endif
//Put your script here to install java if that is your plan
// Note: update .exe will restart service automatically
if{exists running service "JavaQuickStarterService"}
delete __appendfile
delete stop_javaquickstarter.bat
appendfile net stop JavaQuickStarterService
move __appendfile stop_javaquickstarter.bat
waithidden stop_javaquickstarter.bat
endif
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill java /a" else "taskkill /F /IM java.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill javaw /a" else "taskkill /F /IM javaw.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill javaws /a" else "taskkill /F /IM javaws.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill iexplore /a" else "taskkill /F /IM iexplore.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill firefox /a" else "taskkill /F /IM firefox.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill Chrome /a" else "taskkill /F /IM chrome.exe"}
//if it is win2k/2k3/xp system, just invoke the .exe installer
if {(name of it contains "Win2000" or name of it contains "WinXP" or name of it contains "Win2003") of operating system}
run __Download\(parameter "javaexe") /s
else
// Remove any existing directory junction point
dos %windir%\syswow64\cmd.exe /C fsutil reparsepoint delete "%windir%\syswow64\config\systemprofile\appdata\locallow\sun\java"
// delete java directory in 32bit version of system32, if any
dos rmdir /q /s "%windir%\syswow64\config\systemprofile\appdata\locallow\sun\java"
//create a java folder under system32 folder if not exists
if {not exist folder (system folder as string &"\config\systemprofile\appdata\locallow\sun\java")}
action uses wow64 redirection false
dos mkdir "%windir%\system32\config\systemprofile\appdata\locallow\sun\java"
endif
// create ntfs junction point from 32bit version of system32 java files to sysnative version
// (NOTE: mklink argument seems to be in native path perspective, so system32 is correct here, not sysnative)
action uses wow64 redirection false
dos mklink /J "%windir%\syswow64\config\systemprofile\appdata\locallow\sun\java" "%windir%\system32\config\systemprofile\appdata\locallow\sun\java"
// Finally, try to install java...
action uses wow64 redirection false
run "{pathname of windows folder & "\syswow64\cmd.exe"}" /C __Download\{parameter "javaexe"} /s
endif
parameter "start" = "{now}"
pause while {now < ( (( parameter "start" of action ) as time ) + 10* second)}
parameter "start1" = "{now}"
pause while {now < ( (( parameter "start1" of action ) as time ) + 300* second) and (exists running application whose (name of it = (parameter "javaexe")))}
if {(exists running application (parameter "javaexe"))}
waithidden taskkill /F /IM {parameter "javaexe"}
waithidden taskkill /F /IM msiexec.exe
endif
parameter "start2" = "{now}"
pause while {now < ( (( parameter "start2" of action ) as time ) + 10* second)}
delete __appendfile
delete sfdcreg.reg
appendfile REGEDIT4
appendfile {concatenation "%0d%0a" of ("[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\" & name of it & "]") of keys whose (name of it starts with "@java.com") of key "HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins" of x64 registry}
delete sfdcreg.reg
copy __appendfile sfdcreg.reg
Action uses wow64 redirection false
wait regedit -s sfdcreg.reg
delete __appendfile
delete sfdcreg.reg
appendfile REGEDIT4
appendfile {concatenation "%0d%0a" of ("[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\" & name of it & "]") of keys whose (name of it starts with "@java.com") of key "HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins" of registry}
delete sfdcreg.reg
copy __appendfile sfdcreg.reg
Action uses wow64 redirection true
wait regedit -s sfdcreg.reg
Revelance
exists value "DisplayVersion" whose ((it = "8" and it < "8.0.910") of (it as string as version)) of keys whose ((((it contains "java" OR it contains "j2se") and (it contains "development kit" or it contains "sdk"))) of (value "DisplayName" of it as string as lowercase) AND value "DisplayVersion" of it as string as version >= "1.4.2") of key "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of registry or exists value "DisplayVersion" whose ((it < "8") of (it as string as version)) of keys whose ((((it contains "java" OR it contains "j2se") and (it contains "development kit" or it contains "sdk"))) of (value "DisplayName" of it as string as lowercase) AND value "DisplayVersion" of it as string as version >= "1.4.2") of key "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of registry
Please help me with Relevance