Oracle’s Latest Critical Patch Update: What’s included and what you need to know!
What is it?
Each quarter, Oracle releases a Critical Patch Update (CPU) bundle containing a multitude of important patches, ranging from bug fixes to security fixes. Data Intensity recommends that all customers apply these fixes on a regular cadence to reduce risk and help keep their environments secure and stable.
What’s important in this release?
Our evaluation of the July 2019 CPU identified some very important fixes.
- 319 vulnerabilities, in addition to previously released patches, across the Oracle product range. (Should be applied as soon as possible.)
- 46% open-source components used within Oracle products (e.g., Oracle HTTP Server uses Apache)
- 49.21% non-Oracle vulnerabilities
- 96 rated high or critical by CVSS score (between 7 and 10)
- 9 new vulnerabilities (the highest of which scores 9.8 – Critical)
- Enterprise Manager/Grid Control
  - 12 new vulnerabilities, 10 of which are remotely exploitable without authentication (highest score is 9.8 out of 10!)
- Fusion Middleware
  - 33 new vulnerabilities, 28 of which are remotely exploitable without authentication (highest score is 9.8 out of 10!)
  - Note: Fusion Middleware is often exposed to the internet, so it is often the highest risk. This patch update includes the two recent 9.8 alerts for WebLogic. WebLogic is often embedded in other Oracle products, so these may also be vulnerable; for example, Oracle Enterprise Manager, Oracle Exadata and Oracle VM Manager all have upgrades released to address these vulnerabilities.
- Oracle E-Business Suite
  - 13 new vulnerabilities, 12 (92%) of which are remotely exploitable with authentication (highest score is 9.6 – Critical (Oracle Field Sales); next highest is 9.1 – Critical (Oracle Payments))
- MySQL: 43 new security fixes
Ready to start patching?
To contact Data Intensity for more information regarding the application of these critical patches, use the contact form below.