Categories: Security

Oracle Dishes Out 270 Patches In SecondBiggest Security Update Ever

Oracle has kicked off 2017 with its largest Oracle Critical Patch Update (CPU) ever, fixing 270 vulnerabilities across a range of products and services.

This follows on from its October update – which was previously its biggest with 253 vulnerabilities fixed – and the record July update which comprised 276 patches.

This quarter’s CPU includes patches for more than 100 vulnerabilities that could previously be exploited by a remote attacker, most commonly over the HTTP protocol.

Patched up

“The focus has shifted from Database and Java SE to critical business applications,” an ERPScan blog post explains. “This quarter’s CPU contains numerous patches for vulnerabilities affecting a scope of the most crucial business applications from Oracle, namely, Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products, Oracle Database Server.

About 58 percent (158) of all of the patch updates close vulnerabilities in the aforementioned products”

According to Qualys, 20 percent of the patches are related to financial applications, followed by Oracle applications and MySQL with 18 percent and 15 percent respectively.

At the other end of the scale, both Sun Solaris and Virtual Box received four patches apiece, while the Oracle database received just 2.

“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes,” the company says.

“In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.”

It has been a busy couple of months for Oracle, with the company acquiring domain name service provider Dyn, pledging £1.1bn for computer science education in the EU and announcing a new London cloud region.

The only dark spot has been the resignation of senior executive George Polisner after co-CEO Safra Catz confirmed her support of President-elect Donald Trump.

Quiz: Test your knowledge of Oracle’s history, software and controversies

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

Meta Building Fastest AI Supercomputer In The World

Facebook building the world’s fastest AI supercomputer to help detect and moderate offensive posts and…

2 hours ago

Nvidia Preparing To Abandon $40bn ARM Acquisition – Report

Facing many regulatory probes and lawsuits, Nvidia tells its partners it is preparing to abandon…

4 hours ago

Vodafone To Switch Off 3G Network Next Year

Mobile operators press ahead with early retirement of old networks, as Vodafone sets 2023 deadline…

6 hours ago

Online Safety Bill Is A ‘Missed Opportunity,’ MPs Warn

DCMS committee says draft version of landmark online safety bill is not robust or clear…

7 hours ago

Julian Assange Wins Right To Ask Supreme Court For Extradition Appeal

Another twist. Julian Assange wins right to ask UK's Supreme Court if it will hear…

7 hours ago

ICO Disagrees With Government-Backed Encryption Campaign

UK data protection watchdog, the ICO, says encryption provides protections for children, after government-backed campaign…

8 hours ago