January 17, 2024 at 06:30AM
Oracle issued 389 new security patches in its January 2024 Critical Patch Update, addressing numerous critical-severity vulnerabilities. The update covers over 200 unique CVEs, with emphasis on Financial Services Applications, Communications, and MySQL. Oracle urges prompt patch application, warning of potential in-the-wild exploitation. The company plans three more Critical Patch Updates in 2024.
From the meeting notes, I have extracted the following key takeaways:
– Oracle announced 389 new security patches as part of its first Critical Patch Update (CPU) of 2024, with dozens addressing critical-severity vulnerabilities.
– Roughly 200 unique CVEs were identified in Oracle’s January 2024 CPU, and more than 200 security patches resolve bugs exploitable by remote, unauthenticated attackers.
– Financial Services Applications was the most impacted product, receiving 71 new security patches, including 54 for vulnerabilities exploitable remotely without authentication.
– Significant security patches were also released for Communications, Communications Applications, MySQL, Fusion Middleware, E-Business Suite, Analytics, Java SE, Enterprise Manager, Hyperion, JD Edwards, and Systems.
– The CPU also includes fixes for multiple non-exploitable flaws, and Oracle urges all customers to apply the patches as soon as possible due to the threat posed by successful attacks.
– Oracle plans to release three more Critical Patch Updates in 2024, scheduled for the third Tuesday of April, July, and October.
Let me know if there’s anything specific you’d like to focus on or any other information you need.