July 17, 2024 at 06:03AM
Oracle announced 386 new security patches in its July 2024 Critical Patch Update (CPU), addressing over 260 unauthenticated, remotely exploitable vulnerabilities. The update includes roughly 240 unique CVEs, with notable patches for Communications and Financial Services Applications. Oracle urges customers to apply patches promptly to avoid exploitation as threat actors have targeted unpatched systems.
Based on the meeting notes, the key takeaways are:
1. Oracle announced 386 new security patches as part of its July 2024 Critical Patch Update (CPU), addressing various vulnerabilities, including over 260 for unauthenticated, remotely exploitable vulnerabilities.
2. Oracle Communications and Financial Services Applications received the largest number of security patches, with a significant portion resolving vulnerabilities that can be exploited remotely without authentication.
3. Other products that received security patches include Fusion Middleware, MySQL, Communications Applications, Analytics, Siebel CRM, PeopleSoft, Insurance Applications, E-Business Suite, JD Edwards, Database Server, Commerce, Java SE, Supply Chain, Application Express, Essbase, GoldenGate, NoSQL Database, REST Data Services, TimesTen In-Memory Database, Construction and Engineering, Enterprise Manager, HealthCare Applications, Hyperion, Retail Applications, Systems, Utilities Applications, and Virtualization.
4. Oracle customers are advised to apply the security patches as soon as possible due to known exploitation of vulnerabilities in Oracle products for which fixes had been released.
5. Oracle also released patches for third-party components in its products and for third-party software included in Oracle Solaris, along with Linux and VM Server for x86 bulletins.