Oracle Critical Patch Update
This blog contains information regarding the Oracle Critical Patch Update. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
T-Update
This blog contains information regarding the Oracle Critical Patch Update. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update October 19, 2021
11:00 | Four times a year, Oracle releases a patch update, which fixes (critical) vulnerabilities in their products. On the 19th of October 2021, the most recent patch update was released. Remarkable is the number of vulnerabilities with a high CVSS-score or which are relatively easy to exploit.
In total, Oracle solved 418 vulnerabilities with the October update. The vulnerabilities are spread over 32 products. For 11 of these products a vulnerability with a CVSS-score of 9.8 or higher was solved! The CVSS scale runs for 0 till 10. A score of 9.8 or higher is rare and implies a high risk of exploiting with a high impact.
In addition, a significant number of vulnerabilities can be exploited via the network without authentication required. This makes exploiting of the vulnerability easy accessible.
Detail information with regards to the vulnerabilities is currently limited.
Background
Oracle has published an article that lists the affected products and versions. The advice is to check whether you are using these products and to install the available updates. It is recommended to install the patch if it is available for your product(s). When a patch is not available for a given vulnerability, the following general advice applies: Apply a work-around, if provided by a supplier; Restrict network access to the system until a patch is available.
Risk
Details regarding the vulnerabilities are not released yet, as is (large-scale) exploiting of certain vulnerabilities. However, with the release of the patches, cyber criminals usually also gain insight into the adjustments that have been made, and thus the possible vulnerabilities in the software. This increases the chance of exploiting the vulnerabilities.
Advice
Sources
More information:Oracle Critical Patch Update Pre-Release Announcement – October 2021
Sign up to receive T-Updates
Receive the latest vulnerabilities in your email every Wednesday
More than 1,000 organisations have already joined us.
