Endpoint Security: Removal of old Java installations

Because applications on endpoints always need security patches and updates, I thought it was a good idea to write an instruction for removing old Java software and leaving only the latest version. See, for instance, this article on the many vulnerabilities that have been fixed in Java:

https://www.oracle.com/security-alerts/cpujul2023.html

Most Java applications will work with updated versions of Java. However, some applications may break because of security-related changes in the Java software.

Create a folder containing the installer executable (for instance jre-8u381-windows-x64.exe, or the similar Java version you want installed in your environment).

Create a new install.cmd with the following contents:

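REM Uninstall every installed product whose name starts with "Java" (%% is a literal % inside a .cmd file)
WMIC product where "Name LIKE 'Java%%'" call uninstall /nointeractive
REM Silently install the Java version placed in this folder
jre-8u381-windows-x64.exe /s

Create an uninstall.cmd and use the code below:

REM Uninstall every installed product whose name starts with "Java"
WMIC product where "Name LIKE 'Java%%'" call uninstall /nointeractive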

When install.cmd runs, it removes all Java applications from the endpoint (every installed product whose name starts with "Java") and silently installs the latest version.

All that is left to do is to create the .intunewin file from the folder and its contents and upload it to Intune.

For the detection rule, use whichever method you prefer: either the registry entry of Java or the executable in the Java Program Files location (file location: C:\Program Files\Java\jre-1.8\bin\java.exe).

Possible registry entry location to use:

Keypath: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}
ValueName: DisplayName
Detection Method: String
Comparison Operator: Equals
Value: Java 8 Update 381 (64-bit)
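
The registry rule above only confirms that the new version is present. The PowerShell below is an added example, not part of the original post: a custom detection script that also confirms no older runtime survived the uninstall. The naming pattern in $JrePattern and the function names are assumptions made for this example.

```powershell
# Added example: Intune custom detection script (not from the original post).
$ExpectedName = 'Java 8 Update 381 (64-bit)'   # DisplayName from the rule above

# Assumption: runtime entries are named "Java <n> Update <m>" or
# "Java(TM) <n> Update <m>". This skips helpers such as "Java Auto Updater".
$JrePattern = '^Java(\(TM\))? \d+ Update \d+'

# 32-bit runtimes on 64-bit Windows register under WOW6432Node, so check both.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-JavaRuntimeName {
    # DisplayName of every uninstall entry that looks like a Java runtime.
    foreach ($root in $UninstallRoots) {
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match $JrePattern } |
            ForEach-Object { $_.DisplayName }
    }
}

function Test-JavaCompliance {
    param([string[]]$InstalledNames, [string]$Expected)
    # Compliant: the expected release is present and no other runtime remains.
    $leftovers = @($InstalledNames | Where-Object { $_ -ne $Expected })
    [pscustomobject]@{
        Compliant = (($InstalledNames -contains $Expected) -and $leftovers.Count -eq 0)
        Leftovers = $leftovers
    }
}

$result = Test-JavaCompliance -InstalledNames @(Get-JavaRuntimeName) -Expected $ExpectedName

if ($result.Compliant) {
    # Intune reads exit code 0 plus text on STDOUT as "detected".
    Write-Output "Detected: $ExpectedName"
    exit 0
}
# Nothing on STDOUT and a non-zero exit code means "not detected".
exit 1
```

When uploading this as a custom detection script, set "Run script as 32-bit process on 64-bit clients" to No so that the HKLM:\SOFTWARE path is not redirected to WOW6432Node.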
