Critical Patch Update: Oracle releases 389 security updates
In its quarterly update, Oracle has secured Banking Enterprise, MySQL and Solaris, among others, against possible attacks.
(Image: heise online)
Oracle software admins should update their applications quickly; otherwise, attackers can exploit several critical vulnerabilities and completely compromise systems.
Countless gaps
As seen from a comprehensive list, the developers have published a total of 389 security patches for the first quarterly update this year. These patches address security issues from both current and older vulnerabilities. In addition to in-house software, there are also patches for third-party components.
The list suggests that there are important updates for the entire software portfolio. Admins should carefully review the article, identify the products that affect them, and act promptly. They should also ensure that patches from older quarterly updates are installed.
Particularly dangerous
Critical security vulnerabilities affect Communications Applications, Essbase, Financial Services, and Hyperion, among others. In these cases, attacks are usually possible remotely and without authentication. For example, attackers can push malicious code onto systems and execute it or gain higher user rights. In many cases, exploitation should be comparatively simple. Oracle is not currently specifying concrete attack scenarios. It is also unknown whether there are already attacks.
Oracle regularly publishes security updates on a quarterly basis. If there are attacks, they deviate from this cycle and provide emergency updates. The software manufacturer has announced the next critical patch update for April 16, 2024.
(des)
