Senior Writer, CSO
Oracle hasn’t been “just” a database company in a long time, and nowhere is that more evident than in its quarterly critical patch update release, where the bulk of the fixes are in business applications like PeopleSoft and E-Business Suite.
Recent global malware outbreaks WannaCry and NotPetya exposed how much enterprises struggle with patching. Staying current with the latest security patches involves testing, preparing and deploying the updates and enterprises are lagging behind as each product has its own update schedule.
It is easy to wag fingers about how it shouldn’t take IT more than 60 days to deploy an update, but consider the current workload. On top of the regularly scheduled monthly updates from Microsoft and Adobe, some organizations may need to deal with the latest Cisco patches. Organizations are still working on closing the SMB vulnerability, especially the out-of-network updates for Windows XP and other unsupported systems. Enterprises with iOS devicesneed to prioritize the latest update to address a serious security flaw in its WiFi chip.
Then there is Oracle’s gargantuan Critical Patch Update (CPU), which fixed a whopping 308 vulnerabilities across its entire product portfolio. Over half, or 168, of the fixes address vulnerabilities that could be remotely exploited without needing any kind of user authentication.
“For the second time this year, the latest Oracle patch release has reinforced the accelerating challenges cybersecurity teams face in keeping pace with software flaws and the malicious hackers that exploit them,” said John Matthew Holt, CTO of Waratek.