Oracle Critical Patch Update Preview: April 2020 CPU could top 400 patches, a double-digit year-over-year increase

By April 10, 2020 Alerts, Blog, Patching, Technical

The April Oracle 2020 Critical Patch Update (CPU) could see a 37% increase in software patches across the Oracle product suite based on a pre-release of the quarterly update due on Tuesday, April 14th.  Oracle is projecting the final April CPU could include as many as 405 patches compared to 297 in the same patch update in 2019.


* Based on Oracle April 2020 CPU Pre-release. Final patches may vary.

Other highlights of the pre-release include:

  • Thirteen (13) Oracle products may include patches for CVEs with a CVSS 3.0 base score of 9.8 on a 10-point scale of severity.
  • One hundred percent (100%) of the Java SE vulnerabilities expected to be patched can be remotely exploited, including flaws in versions as old as Java 7.
  • The April Oracle CPU may contain patches for vulnerabilities in Java SE 14 which was publicly released less than a month ago (17 March 2020).

Oracle will release the final version of the Q2 CPU mid-afternoon Pacific Daylight Time on Tuesday, 14 April. Waratek will follow shortly with an analysis of the final patch update.

About Waratek

Some of the world’s leading companies use Waratek’s ARMR Security Platform to patch, secure and upgrade their mission critical applications. A pioneer in the next generation of application security solutions, Waratek makes it easy for security teams to instantly detect and remediate known vulnerabilities with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead. For more information, visit www.waratek.com.

Waratek

Author Waratek

Some of the world’s leading companies use Waratek to patch, secure and upgrade their mission critical web applications using our next generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead.

More posts by Waratek
X