Oracle has kicked off 2017 with its largest Oracle Critical Patch Update (CPU) ever, fixing 270 vulnerabilities across a range of products and services.
This follows on from its October update – which was previously its biggest with 253 vulnerabilities fixed – and the record July update which comprised 276 patches.
This quarter’s CPU includes patches for more than 100 vulnerabilities that could previously be exploited by a remote attacker, most commonly over the HTTP protocol.
“The focus has shifted from Database and Java SE to critical business applications,” an ERPScan blog post explains. “This quarter’s CPU contains numerous patches for vulnerabilities affecting a scope of the most crucial business applications from Oracle, namely, Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products, Oracle Database Server.
About 58 percent (158) of all of the patch updates close vulnerabilities in the aforementioned products”
According to Qualys, 20 percent of the patches are related to financial applications, followed by Oracle applications and MySQL with 18 percent and 15 percent respectively.
At the other end of the scale, both Sun Solaris and Virtual Box received four patches apiece, while the Oracle database received just 2.
“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes,” the company says.
“In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.”
It has been a busy couple of months for Oracle, with the company acquiring domain name service provider Dyn, pledging £1.1bn for computer science education in the EU and announcing a new London cloud region.
The only dark spot has been the resignation of senior executive George Polisner after co-CEO Safra Catz confirmed her support of President-elect Donald Trump.
Quiz: Test your knowledge of Oracle’s history, software and controversies
The cyber risk facing UK “widely underestimated”, warns head of GCHQ’s NCSC Richard Horne in…
Lawsuit filed in London against Microsoft alleges customers using rival cloud services, have to pay…
Judge in Delaware for the second time rules against the record-breaking $56 billion pay package…
Beijing bans exports to US of key materials after Biden administration imposes more restrictions on…
New round of US semiconductor export restrictions designed to hamper Beijing's capacity to produce high-end…
Lender KfW is to be reimbursed by the German government more than €600 million ($629…