Oracle have released their latest security update (October 2018 Critical Patch Update CPU) for the full range of its offerings including Database, E-Business Suite and Fusion Middleware.
This eagerly awaited quarterly patch has uncovered a number of critical flaws in the Oracle technology stack that could be exploited by malicious third parties.
For the Database, the update fixes three flaws, two of which could be exploited without authentication. CVE-2018-3259 has a CVSS base risk score of 9.8. The Common Vulnerability Scoring Standard (CVSS) assigns a numeric value between 0.0 and 10.0 to indicate the severity of the vulnerability, where 10.0 represents the highest severity.
16 new security fixes are supplied for Oracle E-Business Suite covering releases 12.1.1 to 12.2.7.
Here are 5 reasons why we think you should be talking about this CPU patch:
1) 99% of all attacks are not 0-day. Most cyber-attacks are based on commonly found or known exploits. These vulnerabilities are now in the public domain, therefore, the risk of exposure is now greater than before.
2) Your E-Business suite is likely to hold the crown jewels of your business information, can you afford to lose it through failing to perform information security basics correctly?
3) GDPR legislation has increased the maximum penalty for data breaches, is it worth the risk for the sake of a patching exercise?
4) Would you want to explain to the stakeholders in your business why you hadn’t done this?
5) It’s best practice and Oracle strongly recommends that every Critical Patch Update is applied as soon as possible.
Our DBA team here at Claremont are already talking to our clients and advising when and how their next CPU should be applied, so if your internal DBAs or Managed Service Provider are not talking to you about this, give them a prod or better still, give us a call.
You can find details of the latest CPU patch here (https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html)
Choosing the right Managed Services Provider
If you are looking for an Oracle partner who can help you with your technology investment, goes about it the right way and can back up the talk, then contact us. You can email us at email@example.com or phone us on +44 (0) 01483 549314.
The Future is Bright for Oracle E-Business Oracle E-Business has its roots back in the late 1980s, when Oracle Corporation first released their financial applications. Despite all the Cloud hype of recent years, only around 1-2% of Oracle’s on-premise customers have...
Structural Proactivity At Claremont, we pride ourselves on being more than a ‘keeps-the-lights-on’ managed services provider and strive to be proactive as well as reactive. Proactive support is implicit in many of Claremont’s core values - seeking to achieve “delivery...
Choosing the best solution for your cloud hosting Asking questions about security or where data is stored is commonplace, however, it’s crucial to ask the right questions around licensing and support before choosing which Cloud is the best fit for your...