Oracle scolds customers for ignoring critical patches

Company claims many actively exploited vulnerabilities should have already been fixed

Oracle has issued a strong rebuke to customers over their failure to update their systems regularly, following a number of reports showing exploits of vulnerabilities that should have already been patched.

The software company has issued the strongly-worded message to customers as part of another wave of patches, some 334 fixes in total, 43 of which are deemed critical, that it hopes will be applied immediately.

Related Resource

Patch management best practices

Reduce your patch management workload

Download now

These have been bundled into the company's routine ‘critical patch update’ which is released to customers once per quarter, with the next scheduled round of updates due on 14 April.

Advertisement - Article continues below

“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches,” the firm said in a statement. “In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches.

“Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.”

The firm has urged customers to apply the trove of fixes to their products due to the very real threat posed by a successful attack. The products affected by the critical bugs include, but aren’t limited to, Enterprise Manager, MySQL and various software categorised under ‘Oracle Supply Chain Products’.

Advertisement
Advertisement - Article continues below

Companies may be able to reduce the risk of attack in the meantime by blocking network protocols required by an attack, or by removing access privileges from individuals for which these privileges aren’t essential.

Advertisement - Article continues below

Both approaches, however, may also break functionality in certain products, so the company has recommended that customers test these workarounds only systems where they are absolutely necessary.

The importance of patching systems has been highlighted in no uncertain terms by various security horror stories, including the Equifax disaster.

The 2017 data breach was, in part, enabled by a lackadaisical approach to patching IT, namely that 8,500-plus patches were overdue to be applied to internal and external systems.

Oracle’s warning also echoes an analysis conducted in November 2019 regarding the infamous BlueKeep vulnerability.

The research showed that despite the fact the first exploitations for the Microsoft bug were released into the wild, businesses were no more or less motivated to apply necessary fixes than they had been previously.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Most Popular

Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020