Advisory

Oracle issues 389 patches with January 2024 update

Take action: This is another huge patch package. Nearly 390 patches across many product families require a lot of review and testing. Engineering teams should set aside time to review the advisory.



Oracle released its first Critical Patch Update (CPU) for 2024, introducing 389 new security fixes, including many for critical-severity issues. The patches address around 200 distinct CVEs, including vulnerabilities exploitable remotely by unauthenticated attackers.

  • Financial Services Applications (71 patches – 54 for flaws exploitable without authentication)
  • Communications (55 patches – 43 for remotely exploitable, unauthenticated flaws)
  • Communications Applications (43 patches – 25 for remotely exploitable, unauthenticated flaws)
  • MySQL (40 patches – 12 for remotely exploitable, unauthenticated flaws)
  • Fusion Middleware (39 patches – 29 for remotely exploitable, unauthenticated flaws)
  • E-Business Suite (19 patches – 14 for remotely exploitable, unauthenticated flaws)
  • Analytics (17 patches – 11 for remotely exploitable, unauthenticated flaws)
  • Java SE (13 patches – 11 for remotely exploitable, unauthenticated flaws)
  • Enterprise Manager (12 patches – 11 for remotely exploitable, unauthenticated flaws)
  • Hyperion (11 patches – 10 for remotely exploitable, unauthenticated flaws)
  • JD Edwards (9 patches – 6 for remotely exploitable, unauthenticated flaws)
  • Systems (9 patches – 3 for remotely exploitable, unauthenticated flaws)

Oracle emphasized the importance of applying these patches promptly due to ongoing reports of exploits in the wild, but has not provided details of the exploitation.
