Oracle Critical Patch Update provides 508 security patches (yes, you read that right)
Take action: It's very possible that your organization has one of the huge pile of Oracle applications. Talk to the business owners to plan for a patch. Expect heavy resistance since nobody likes to have downtime and risk of breaking of an application. Explain to the business owners that over 350 of these security patches fix vulnerabilities that can be exploited remotely without any credentials - so all it takes is a single mistake in configuration to expose their vulnerable application. Are they willing to bet their system no no mistakes ever?
Learn More
Oracle announced its July 2023 Critical Patch Update (CPU), which includes a total of 508 new security patches. Among these patches, more than 75 are dedicated to addressing critical-severity vulnerabilities.
The successful exploitation of some of these vulnerabilities could lead to complete compromise of the application or system.
Over 350 of the security patches are designed to tackle vulnerabilities that can be exploited remotely without requiring authentication. Some of these flaws have the potential to impact multiple products, as mentioned in Oracle's advisory.
- Oracle Financial Services received the highest number of patches in this quarterly security update, totaling 147. Of the resolved vulnerabilities, 115 are susceptible to exploitation by remote, unauthenticated attackers with network access.
- Oracle Communications receives 77 security patches for Communications, with 57 of them being remotely exploitable without authentication.
- Oracle Fusion Middleware received 60 security patches, including fixes for 40 remotely exploitable, unauthenticated bugs.
- Additionally, Communications Applications, Analytics, and MySQL received multiple fixes.
Oracle also released patches for other products, including Utilities Applications, Supply Chain, Retail Applications, Java SE, PeopleSoft, Siebel CRM, Commerce, Enterprise Manager, Construction and Engineering, E-Business Suite, JD Edwards, and more.
