For first time, Oracle announces quarterly patch plans

Oracle today announced it will offer 52 security fixes in Tuesday's scheduled quarterly patch release.


This marks the first time the database giant has offered a peek into its scheduled security updates in hopes of helping "customers plan for their forthcoming patching effort," Duncan Harris, senior director of security assurance, said Thursday on the Oracle Global Product Security Blog.

The "pre-release announcement" is similar to the approach Microsoft takes five days before its so-called Patch Tuesdays, delivered the second Tuesday of each month.

The brunt of the patches - 27 - is scheduled for Oracle Database vulnerabilities, 10 of which can be remotely exploited without user authentication. Another 12 fixes are slated for Oracle Application Server flaws, eight of which are open to remote attack.

Fixes also will be issued for the E-Business Suite, Enterprise Manager and PeopleSoft Enterprise solutions.

The new notification initiative follows a decision in October by Oracle to use the Common Vulnerability Scoring System (CVSS) to rate bugs, identify those flaws that are critical and remotely exploitable, and include a "high-level" overview of each defect and fix - again similar to Microsoft's approach.

Oracle has made efforts to improve communication with customers over security issues. At the start of last year, the company was heavily criticised within the industry because of the large numbers of fixes it was issuing, for delaying the release of other fixes and for not recommending necessary workarounds.

Click here to email reporter Dan Kaplan.