Oracle often releases security updates on a quarterly basis. However, none has ever been as large as this one. Market specialists started to criticize it from the moment the news appeared. It was highlighted that this did not happen when Charles Phillips was Oracle’s president, even though the number of acquisitions made then was very large. Now we see Oracle offering hot fixes for over 80 products and highlighting fixes for an “impressive” 276 vulnerabilities.
This is the largest CPU (Critical Patch Update) ever released by Oracle. In most cases the number of flaws was around the 150 mark, according to security vendor Qualys. Unfortunately, 159 of the vulnerabilities fixed this time can be exploited remotely without authentication.
Oracle highlights the Java patches as the most important. There are 13 vulnerabilities that need to be fixed as soon as possible. Java is currently used in hundreds of thousands of applications and is installed on millions of systems. According to John Matthew Holt, Waratek CTO of application security, Oracle customers need to apply the Java-related CPU patches quickly, as this is vital for security. One example is the HotSpot Java patches for both servers and desktops, which received a high Common Vulnerability Scoring System (CVSS) score.
Oracle Database Server also receives patches for a worrying list of 9 vulnerabilities. All of them are critical, with a CVSS score of 9 out of 10. Oracle MySQL will also get fixes for many new security problems, although in this case only 4 have a very high severity rating. Databases are not normally exposed online, but this is where most firms keep important data, so these fixes are a high priority for every business.
Companies also need to pay close attention to Oracle assets that can be attacked directly from the internet. This includes application and web servers like WebLogic, Oracle HTTP and even GlassFish, all part of the Fusion Middleware suite. The Fusion Middleware components and products got fixes for 35 flaws. Five of these are rated critical, with a score of 9.8, which is unacceptable if left unattended.
Many other Oracle problems are fixed by the recently released security patch. It is highly recommended that everyone dealing with Oracle services apply the patches within a short period of time. If this does not happen, something is eventually going to break in business operations. Oracle is at an all-time low with the security problems highlighted now, but what matters is that they have been fixed.