Oracle October Update has patches for over 387 Vulnerabilities
Take action: We can't give a straightforward advice on this advisory. Over 380 patches across a lot of product families requires a lot of review and testing. Especially since the patches are available only for customers with advanced support packages. It's wise for the engineering teams to take out the time to review the advisory.
Learn More
The most recent Oracle Critical Patch Update includes a total of 387 security patches that cover various product families. While the company doesn't disclose detailed vulnerability analysis, it does provide an Advisory and related documentation. These resources outline the type of vulnerability, the conditions under which it can be exploited, and its potential impact. This information enables customers to perform their own risk assessments specific to their products.
The patches provided in the Critical Patch Update program are specifically for Premier and Extended Support product versions. Oracle advises customers to consider upgrading to supported versions to ensure continued access to patches.
Oracle now includes updates for non-exploitable vulnerabilities in third-party components below the product's risk matrix.
Given the potential threat posed by cyberattacks, Oracle strongly urges customers to apply the security patches from the Critical Patch Update as soon as possible.
Prior to patch application, customers can reduce risk by blocking certain network protocols or by revoking privileges and access to specific packages. However, it's important to note that both of these approaches may impact application functionality.
Therefore, thorough testing on non-production systems is recommended. It's also essential to understand that neither of these approaches provides a long-term solution as they do not address the underlying root issue.
