Oracle releases scheduled critical patch update
Oracle released a scheduled security update for its products this Tuesday. A whole range of vulnerabilities is fixed in Oracles Database products, E-Business Suite and other product lines. Oracle also announced an overhaul of its password checking utility. It was first introduced in the scheduled update last January and is used to assist customers with securing default accounts and passwords. This utility was originally released as a response to a worm targeting Oracle databases that attempted to use these default account and password settings.
As has quite often been the case, Oracle did not provide great detail about the disclosed vulnerabilities, nor did it released any potential workarounds. The company has been criticised in the past for its slow response to security threats, using a quarterly schedule for its update. The last security update in January also attracted some negative publicity regarding the emergence of easily exploitable dangerous vulnerabilities in Oracles products. One security company went as far as suggesting that the firms products “can no longer be considered a bastion of security”.
This time around Oracle has not avoided criticism, too, but not regarding the number of vulnerabilities, which has actually gone down on previous releases. The problem with Aprils update is that many of the patches for different platforms are unavailable unit at least May 1st, and some will be published in a months time, on May 15th. Currently there are scores of different product versions on many different platforms with varying degrees of support from Oracle. In all around half of all listed patches are delayed at least for some platforms.