Forum Thread: Important! Secunia applied permanent fixes to help you patch Orac...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

This thread has been marked as locked.
This user no longer exists Important! Secunia applied permanent fixes to help you patch Oracle Java
Secunia Official 19th Apr, 2013 08:48
Ranking: 25
Posts: 173
User Since: 1st Jan, 1970
System Score: N/A
Location: Copenhagen, DK
Last edited on 19th Apr, 2013 08:58

Dear Customers,

We are happy to publically announce that Secunia has created Oracle Java packages to install as smoothly as possible under almost all circumstances. Oracle Java patches built into the Secunia Package System (SPS) are no longer expected to preform unexpected and unwanted installation failures. Please find a brief review of what we have done below:

What caused issues previously?
Oracle Java patches build into the SPS failed to install on random Clients when an old copy of Java was running on the local system.
This particular problem occurred because the Windows OS locked the old copy of Java that is running as a process on the local system.
(Return Code 32 / 0x80070643 -> "The process cannot access the file because it is being used by another process")

What were the consequences for local users?
-------------------------------------------------- --------------
Below is a list of the awkward behavior experienced as a consequence of the Windows lockout problem:

1. Java patch reboots the Client system unexpectedly - this problem is estimated to have a large impact on users' work.
2. Java patch uninstalls the old Java copy and fails to install itself - Java would need to be re-installed.
3. Java patch installs itself on the local system, but it fails to uninstall the previous copy of Java - the system remains vulnerable.

What did Secunia do to resolve this issue?
-------------------------------------------------- -------------------
Secunia cannot prevent Windows OS from locking running processes and application instances or workaround this behavior.
What we have done, however, is safeguarded the installation in terms of preventing failure consequences.
Furthermore, we ensured that you can seamlessly install Java patches that failed to install earlier.

The SPS packages for Oracle Java now include a built-in mechanism that checks whether Java is running on the local system. In a scenario where the old copy of Java is indeed running locally at the time of applying your SPS Oracle Patch, the installer will now fail with fixed error code 20 / 32, right before executing the original vendor installer that is embedded in the SPS.exe. This prevents the occurrence of unexpected and unwanted issues. In addition, the SPS patch for Oracle Java remains available for installation in Windows Update at any time after the failure.

When an expected failure occurs (Error 20 / 32), you can proceed to install the failed package in two ways:

1. Killing the running Oracle Java process allows you immediately to proceed with successful installation of Java.
2. System Shutdown at the end of the working day will ensure the successful installation of the Java patch in a completely unattended manner.

Customers can be confident that Oracle Java patches built into the Secunia CSI will be successfully deployed to Clients in all circumstances, even on occasions when all requirements for a failure are present.
Patches that failed to install in the first installation attempt remain applicable and pending for installation in Windows Update. During System Shutdown, the patches are installed automatically in an unattended manner.

Kind Regards / Stay Secure
/Rosen Danailov
Secunia Customer Support

No one has replied to this thread yet - be the first
This thread has been marked as locked.