For first time, Oracle announces quarterly patch plans

Oracle today announced it will offer 52 security fixes in Tuesday's scheduled quarterly patch release.


This marks the first time the database giant has offered a peek into its scheduled security updates in hopes of helping "customers plan for their forthcoming patching effort," Duncan Harris, senior director of security assurance, said Thursday on the Oracle Global Product Security Blog.

The "pre-release announcement" is similar to the approach Microsoft takes five days before its so-called Patch Tuesdays, delivered the second Tuesday of each month.

The bulk of the patches - 27 - is scheduled for Oracle Database vulnerabilities, 10 of which can be remotely exploited without user authentication. Another 12 fixes are slated for Oracle Application Server flaws, eight of which are open to remote attack.

Fixes also will be issued for the E-Business Suite, Enterprise Manager and PeopleSoft Enterprise solutions.

The new notification initiative follows a decision in October by Oracle to use the Common Vulnerability Scoring System (CVSS) to rate bugs, identify those flaws that are critical and remotely exploitable, and include a "high-level" overview of each defect and fix - again similar to Microsoft's approach.

Oracle has made efforts to improve communication with customers over security issues. At the start of last year, the company was heavily criticised within the industry for the large number of fixes it was issuing, for delaying the release of other fixes and for not recommending necessary workarounds.

Click here to email reporter Dan Kaplan.