Oracle yesterday deployed 78 different security fixes aimed at patching holes throughout its various database products.
As part of the company’s January critical patch update, 16 of the 78 fixes were considered critical, meaning they could be exploited remotely. The fixes stretched across much of Oracle’s product lineup, including Oracle Database Server, Fusion Middleware, E-Business Suite, Oracle Sun products, MySQL, VirtualBox, and PeopleSoft.
One of the patches addresses a serious flaw that could compromise the security of Oracle database systems. First reported by InfoWorld, the flaw was shared with Oracle before the publication went live with the news, giving the company time to develop a fix.
Due to the possibility of a remote attack, Oracle is advising its customers to apply the fixes as soon as possible, especially since the workaround would be more trouble than it’s worth.
Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack, the company said in its advisory. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack.
But Oracle cautioned that these approaches could break the functionality of the database application and urged customers to test such changes on non-production systems. Further, neither approach should be considered a long-term solution, as neither corrects the underlying problem, the company added.
Either way, database administrators have their work cut out for them.
Qualys Chief Technology Officer Wolfgang Kandek has devised a plan of action for IT admins who need to patch their database systems.
We recommend addressing vulnerabilities on systems that are Internet accessible first, Kandek said in a blog. Most likely this will mean fixing WebLogic/Apache and Solaris vulnerabilities first, followed by MySQL. Oracle RDBMS can probably be addressed last, as those systems tend to be installed in internal networks or well firewalled if they are connected to the Internet at all. A good map of your network will help in determining where to start.
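The prioritisation Kandek describes (Internet-facing systems first, then WebLogic/Apache and Solaris, then MySQL, with the Oracle RDBMS last) can be applied mechanically once you have the network map he mentions. The script below is an added example written for this page; it is not Qualys' tool or anything from the original article. It assumes a simple inventory of hosts tagged with a product name and an Internet-exposure flag; the host names are constructed, and any product the blog does not rank (PeopleSoft here) is queued after the ranked ones and reported separately so an admin can decide on it by hand.

```python
# Patch-prioritisation helper: orders a host inventory the way the quoted
# Qualys blog suggests. Added example; not code from the article or Qualys.
from dataclasses import dataclass

# Product tiers following the ordering in the blog: WebLogic/Apache and
# Solaris first, then MySQL, then the Oracle RDBMS. Lower number = patch sooner.
PRODUCT_TIER = {
    "weblogic": 0,
    "apache": 0,
    "solaris": 0,
    "mysql": 1,
    "oracle-rdbms": 2,
}
UNKNOWN_TIER = 3  # products the plan does not rank go after the known ones


@dataclass(frozen=True)
class Host:
    name: str                 # hypothetical host name (constructed)
    product: str              # product tag from the inventory
    internet_accessible: bool # True if reachable from the Internet


def patch_priority(host):
    """Sort key: Internet-accessible hosts first, then by product tier, then name."""
    tier = PRODUCT_TIER.get(host.product.lower(), UNKNOWN_TIER)
    return (0 if host.internet_accessible else 1, tier, host.name)


def build_patch_queue(hosts):
    """Return the hosts in the order they should be patched."""
    return sorted(hosts, key=patch_priority)


def unmapped_products(hosts):
    """Products the plan does not rank; these need a manual decision."""
    return sorted({h.product for h in hosts if h.product.lower() not in PRODUCT_TIER})


# Constructed sample inventory (all host names are hypothetical).
SAMPLE_INVENTORY = [
    Host("db-core-01", "oracle-rdbms", False),
    Host("web-portal-01", "weblogic", True),
    Host("shop-db-01", "mysql", True),
    Host("reporting-01", "peoplesoft", False),
    Host("build-01", "solaris", False),
    Host("dmz-db-01", "oracle-rdbms", True),
]

if __name__ == "__main__":
    for position, host in enumerate(build_patch_queue(SAMPLE_INVENTORY), 1):
        exposure = "internet" if host.internet_accessible else "internal"
        print(f"{position}. {host.name:14} {host.product:13} ({exposure})")
    print("Unranked products:", ", ".join(unmapped_products(SAMPLE_INVENTORY)))
```

Exposure outranks product tier on purpose: an Internet-facing Oracle RDBMS host is queued ahead of an internal WebLogic host, which matches the blog's advice to start with whatever is reachable from outside and only then work through the product list.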