Oracle to issue 41 security patches
Vulnerabilities, of which 15 are severe, are across 'hundreds' of its products
More than 15 of those patches address flaws that were described by the company as being remotely executable without the need for authentication -- a class of vulnerability to which Oracle usually assigns its highest severity rating. Of these, nine are slated for Oracle Secure Backup, two for its Application Server product and five for its BEA Product Suite.
The company's Critical Patch Update next week will also include fixes for 10 vulnerabilities in its database products. None of these exploits, however, can be taken advantage of remotely without the attacker having access to a username and password first, the company said.
Among the affected products that were listed by Oracle in its pre-announcement were multiple versions of its database going back to Oracle database 9i, its E-business suite products and several versions of Oracle's WebLogic Server and Portal products.
The number of patches being released by Oracle in this round is about the same as the last quarter, when the company issued 36 security fixes.
By Oracle's standards those number are relatively small. There have been occasions when the company has issued considerably more patches in its quarterly updates. Its January 2006 update had 82 patches, while the same year's October update had 101.
As with every release, Oracle is imploring administrators to install the patches as soon as possible. But if history is any indication, a large number of the database patches, at least, are unlikely to be installed in a hurry.
A study of 305 database administrators released in January 2008 by security vendor Sentrigo Inc. found that two-thirds of those surveyed did not install Oracle's security patches at all, no matter how critical the vulnerabilities were.
Most appeared to be reluctant to bring production environments down for any length of time to implement security patches and were also concerned about the possibility of the fixes breaking applications.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts