Oracle Announces Monster Critical Patch Update, Plans to Address 78 Security Flaws

Oracle recently made a pre-release announcement for its upcoming quarterly Critical Patch Update. The security update will address 78 vulnerabilities across various products and components. Affected products include Database Server, Fusion Middleware, Application Server, Secure Backup, E-Business Suite, PeopleSoft, Sun Products Suite and Enterprise Manager, among hundreds of Oracle products. The update contains 13 fixes for the Oracle Database Server. Oracle has assigned the highest severity rating of 10 to some of the vulnerabilities associated with Oracle Secure Backup, Fusion Middleware and Sun Products Suite. The developer assigns scores on the basis of the Common Vulnerability Scoring System (CVSS) version 2.0. The scores produced by the CVSS matrix are based on the values the developer provides for the prerequisites for exploiting a security flaw, the ease of exploitation, and the impact of an attack on availability, confidentiality and integrity.

Of the 78 security flaws, 27 are remotely exploitable over the network without login credentials. Two of the vulnerabilities associated with Oracle Database Server affect client-only installations. 23 of the security fixes apply to various components of the Sun Products Suite, such as VM VirtualBox, GlassFish Server, Solaris, SPARC T3 and Sun Blade Server Series, among others.

Oracle follows a quarterly cycle for the Critical Patch Update. Beginning this year, Oracle started releasing the update on the Tuesday closest to the 17th of January, April, July and October. The developer follows a different quarterly cycle for Java SE updates.

Lack of proper patch management is one of the major factors that allow attackers to exploit vulnerabilities and gain unauthorized access to organizational networks and computer systems. Organizations must have an appropriate patch management policy in place. Professionals qualified through IT degree programs may help organizations identify, prioritize and implement security updates and patches in a timely and cost-effective way.

Employee negligence and non-adherence to basic tenets of cyber security, such as the use of strong, unique, non-dictionary passwords, also allow attackers to gain unauthorized access and higher privileges on computers. Organizations must train employees on security fundamentals and on password construction and management through e-learning programs and online IT courses. Huddle sessions, training programs and e-mail alerts may also help employees acquaint themselves with the latest security threats and preventive measures.

Organizations must also cater to the training requirements of IT professionals. They must encourage professionals to undertake security certification and online IT degree programs to improve their technical skills and know-how. IT professionals must create a security-conscious culture among employees of both IT and non-IT departments to strengthen defenses against cyber-intrusions.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds, such as graduates, IT professionals and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
