Critical Oracle Security Update, 334 Vulnerabilities Patched


Oracle has released its October 2024 Critical Patch Update (CPU), addressing a staggering 334 security vulnerabilities across its vast product portfolio.

This quarterly update, the fourth and final of 2024, underscores the ongoing importance of cybersecurity vigilance for organizations relying on Oracle technologies.

The CPU impacts 28 different Oracle product families, with patches covering a wide range of severity levels. Of particular concern are the 35 critical updates, which address 16 vulnerabilities with the highest risk ratings.

The Critical Patch Update contains new security patches for the following Oracle product families.

  • MySQL
  • Fusion Middleware
  • Database
  • Enterprise Manager
  • Supply Chain Products
  • Financial Services Applications
  • Communications
  • Retail Applications
  • Utilities Applications
  • PeopleSoft
  • Siebel

These critical flaws could potentially allow remote code execution or other severe compromises if left unpatched.

Out of the 334 patches, 61 address vulnerabilities that may be remotely exploitable without authentication. The highest CVSS score reported in this Critical Patch Update is 9.8. Some of the notable vulnerabilities fixed include:

  • 25 new security patches for Oracle Database Server, 2 of which may be remotely exploitable without authentication.
  • 7 new security patches for Oracle Fusion Middleware, 4 of which may be remotely exploitable without authentication.
  • 18 new security patches for Oracle Communications Applications, with 1 being remotely exploitable without authentication.
  • 16 new security patches for Oracle MySQL, 9 of which may be remotely exploitable without authentication.

Oracle Database, the company’s flagship product, received 6 new security patches. Two of these vulnerabilities are remotely exploitable without authentication, posing a significant risk to exposed systems.

Security researchers and organizations worldwide contributed to identifying these vulnerabilities. Oracle’s security advisory acknowledges numerous individuals and teams for their responsible disclosure efforts.

Oracle strongly recommends that customers apply these critical patches as soon as possible.

The company warns that it continues to receive reports of active exploitation attempts against previously patched vulnerabilities, emphasizing the importance of timely updates.

For organizations using Oracle products, this CPU requires immediate attention:

  1. Assess which of your Oracle deployments are affected by the patched vulnerabilities.
  2. Prioritize the installation of critical patches, especially those addressing remotely exploitable flaws.
  3. Plan for potential downtime or service interruptions during the patching process.
  4. Verify that patches were applied successfully and monitor systems for any unexpected behavior.

As cyber threats continue to evolve, staying current with security updates remains a crucial aspect of IT management.

Oracle’s substantial October 2024 CPU reminds us of the ongoing effort required to maintain robust cybersecurity postures in complex enterprise environments.
