
subject: Oracle Announces Mega Critical Patch Update


Oracle is set to issue security patches for 66 vulnerabilities in its first Critical Patch Update of the year. The update addresses vulnerabilities in Oracle Database Server, Secure Backup, Audit Vault, Fusion Middleware, Enterprise Manager Grid Control, Oracle Applications, Industry Applications, the Supply Chain Products Suite, the PeopleSoft and JD Edwards suites, Sun products and OpenOffice. Many developers rank vulnerabilities as critical, high or medium risk. Oracle uses the Common Vulnerability Scoring System (CVSS) to rate the vulnerabilities.

The vulnerabilities related to Audit Vault, JRockit, Solaris and WebLogic Server received the highest score of 10. A remote attacker can exploit the vulnerability in Audit Vault, bypassing any authentication requirements. More than half of the 66 vulnerabilities addressed by Oracle are exploitable by remote attackers without entering any authentication parameters. The patch addresses 21 vulnerabilities associated with various Sun products. These vulnerabilities affect VM VirtualBox, Solaris, Java System Portal Server, Java System communication system, Java System Message Queue and SunMC, among others. Often, ethical hacker certified professionals detect vulnerabilities in products and applications. The huge security patch from Oracle is in sharp contrast to the light security patch announced by Microsoft on the first "second Tuesday" of the year.

Exploitation of vulnerabilities adversely affects the confidentiality, availability and integrity of data and disrupts the services provided by the affected application. Attackers may gain unauthorized access to privileged databases associated with the compromised applications. Online computer training is crucial to educate employees on the possible implications of a data breach. Awareness of safe computing practices, precautionary measures, incident handling and first responder procedures may help in reducing security breach incidents.

The proactive nature of threats in the IT environment makes it essential for IT professionals to constantly upgrade their skills by attending workshops, undertaking security certifications, and keeping track of developments in IT security, the sophisticated attack mechanisms used by offenders and the security advisories issued by developers. The combination of technical know-how and awareness of the latest threats may help professionals pre-empt threats and secure the IT apparatus of an organization.

by: Peter M



