Oracle Dishes Out 270 Patches In Second Biggest Security Update Ever

Oracle has kicked off 2017 with its largest Oracle Critical Patch Update (CPU) ever, fixing 270 vulnerabilities across a range of products and services.

This follows on from its October update – which was previously its biggest with 253 vulnerabilities fixed – and the record July update which comprised 276 patches.

This quarter’s CPU includes patches for more than 100 vulnerabilities that could previously be exploited by a remote attacker, most commonly over the HTTP protocol.

Patched up

“The focus has shifted from Database and Java SE to critical business applications,” an ERPScan blog post explains. “This quarter’s CPU contains numerous patches for vulnerabilities affecting a scope of the most crucial business applications from Oracle, namely, Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products, Oracle Database Server.

“About 58 percent (158) of all of the patch updates close vulnerabilities in the aforementioned products.”

According to Qualys, 20 percent of the patches are related to financial applications, followed by Oracle applications and MySQL with 18 percent and 15 percent respectively.

At the other end of the scale, both Sun Solaris and VirtualBox received four patches apiece, while the Oracle database received just two.

“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes,” the company says.

“In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.”

It has been a busy couple of months for Oracle, with the company acquiring domain name service provider Dyn, pledging £1.1bn for computer science education in the EU and announcing a new London cloud region.

The only dark spot has been the resignation of senior executive George Polisner after co-CEO Safra Catz confirmed her support of President-elect Donald Trump.

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
