Ready, Set, Patch Your Oracle Software
On Tuesday, Oracle is set to release a bevy of patches for Oracle Database and a handful of other Oracle software.
July 14, 2008
On Tuesday, Oracle is set to release a bevy of patches for Oracle Database and a handful of other Oracle software.The patch update is part of Oracle's quarterly patch cycle, and the affected products go beyond its database and include its Oracle TimesTen In-Memory Database, Oracle Application Server, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne, as well as Oracle BEA Products.
First, the good news: None of the 11 patches slated for Oracle databases fix vulnerabilities that are remotely exploitable. That is, attackers must be logged in to conduct an attack. Now the not-so-good news: Nine fixes for Oracle Application Server can be exploited by hackers who are not logged in. The same is true for a number of the updates on deck for Oracle WebLogic Server.
Oracle's Critical Patch Update (CPU) Pre-Release Announcement is available here. The Oracle quarterly patch cycle started about four years ago, as a way for Oracle to help lower the cost and aggravation associated with applying software patches.
While many of these vulnerabilities have been rated as critical, it's not likely that most organizations will rush to patch. Early this year database security vendor Sentrigo asked a few hundred Oracle database professionals if they have ever installed an Oracle CPU and 67.5% said they had never applied an Oracle CPU.
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024