Just How Critical Is Oracle’s Latest Critical Patch Update?

Oracle Critical Patch Update

What You’ll Learn

  • The importance of Oracle’s Critical Patch Updates (CPU) and their impact on security.
  • A timeline of previous Oracle Critical Patch Updates.
  • How to apply Oracle security patches effectively to minimize security risks.
  • The significance of staying current with Oracle patches to maintain system security.

Oracle released its latest Critical Patch Update in July 2020, which included record-breaking security updates. If that seems familiar, that’s because it is. Oracle breaks records with each patch release. 

This time however, a special note was included in the release announcement, directly putting the blame for security breaches on customers’ inaction; “attackers have been successful because targeted customers had failed to apply available Oracle patches. “In the announcement Oracle continues to urge customers to “remain on actively-supported versions” and apply Critical Patch Update without delay.

On July 14th, 2020, Oracle released its own security advisory and third-party security advisories for its July 2020 Critical Patch Update (CPU) which fix 433 new security vulnerabilities, many of which affect multiple products. Hundreds of them are remotely exploitable without authentication.

With its latest release, Oracle E-Business Suite (EBS) continues to ensure that security is top of mind. 

Learned to Love Oracle Patching

How I Stopped Worrying and Learned to Love Patching

Make the Most of Oracle EBS and Cloud Infrastructure

Get the Guide

Oracle EBS can integrate with various systems, both on-premises or hosted in the cloud, leaving organizations vulnerable to various security risks. The patch update is crucial for both on-premises and Oracle cloud infrastructure patching. 

Let’s take a look into the newest Oracle security patch and how it benefits your organization. 

This block renders a quote for the post drawn from the post's custom fields. Modify the quote below the content editor in the Quote fields.

Oracle EBS’s July 2020 Patch 

The Oracle Critical Patch update for July 2020 includes 433 new security patches across Oracle EBS and a variety of other product families including Fusion Middleware, Database Server, Application Testing Suite, PeopleSoft, and Agile PLM. This collection of patches help prevent various security vulnerabilities. 

Here are some of the ways Oracle CPU Patches benefit you: 

Keeping Businesses Secure by Staying Current

A whopping 70% of enterprise businesses are exposed to critical risk. Chances are your organization is one of many that is exposed. What are you doing to prevent it? 

Many of these organizations are installing critical updates just once or twice annually, not addressing security until disaster strikes. The downfall is there are risks to security that an organization may not be aware of until it’s too late. 

Due to the breadth of business processes that Oracle EBS manages, an attack against the system would enable the theft of critical information across your enterprise. 

Oracle’s “stay current” policy emphasizes the importance of on-time updates and enables businesses to minimize vulnerabilities and keep their data safe. 

Ensuring Predictability 

Predictability is key when it comes to Oracle’s Critical Patch program. By providing transparency into the Critical Patch Update schedule, organizations can avoid security gaps. Knowing exactly when each update will take place allows plenty of time to plan ahead. 

Taking a Proactive Approach 

It’s easier to prevent the fire than to put it out after it’s already started. To mitigate the risk of a disaster, it’s critical to account for security vulnerabilities and plan Critical Patch Updates accordingly. By making critical updates on time, you’ll be taking a proactive approach to security. 

The latest Oracle Critical Patch Update continues to ensure these capabilities. 

Oracle Critical Patch Timeline

A Timeline of Previous Critical Patches 

With every new release, Oracle breaks its own records in patching security vulnerabilities. 

Previous types of patches in Oracle included the following: 

  • Oracle Critical Patch Update, April 2017: This CPU included 300 security fixes across the various Oracle product families as well as Oracle Linux security patches.
  • Oracle Critical Patch Update, July 2017: The July 2017 Oracle CPU fixed 308 bugs and vulnerabilities in a broad range of Oracle products. It also included 22 fixes to Oracle EBS. 
  • Oracle Critical Patch Update, October 2017: The October 2017 CPU contained 252 security fixes for the Oracle product family. 
  • Oracle Critical Patch Update, April 2019: The April 2019 CPU contained 297 security fixes across Oracle products. 
  • Oracle Critical Patch Update, July 2019: Oracle’s July 2019 CPU contained 319 new security fixes. 
  • Oracle Critical Patch Update, October 2019: The Oracle Critical Patch Update Advisory in October 2019 covered 219 security fixes including the Oracle Java SE Critical Patch Update and a variety of other products within the Oracle family. 
  • Oracle Critical Patch Update, January 2020:  The January 2020 CPU includes 33 security patches
  • Oracle Critical Patch Update, April 2020: The Oracle CPU Advisory covers 399 security patches
  • Oracle Critical Patch Update, July 2020: Oracle’s July CPU contains 444 security patches, including 30 vulnerabilities and 24 Remote EBS Exploits Without Authentication

How to Apply Critical Oracle Security Patches

Before we get into the how-tos of applying Critical Patches, let’s talk a bit more about Oracle EBS security. One of the most important questions businesses need to address is “how long does it take to deploy Oracle security patches into the production environment?” 

The Mean Time to Patch (MTTP) is the answer. MTTP measures the time needed to deploy patches to your technologies. The faster you can deploy these patches, the more you’ll lower your organization’s mean time to patch. 

Now, let’s look into the process of installing Oracle patches step by step. 

How to Apply Critical Patches in Oracle Apps R12. X

There are various types of patches in Oracle Apps R12, from product patch sets to rollup patches. Here’s a quick rundown of how to apply a patch in Oracle apps R12, as per Oracle’s guidelines

  1. Apply the AD and TXK updates in order to get the most updated patching tools version. 
  2. Apply the most up-to-date EBS update pack. 
  3. Apply the latest Oracle EBS family packs as well as those on the recommended patch list. 
  4. Apply the most recent Critical Patch Updates. 
  5. Apply the most recent Oracle Patch Set Updates (PSU) along with associated EBS interoperability patches. (For more information on Oracle PSUs, such as how to apply a PSU patch in Oracle or how to check the PSU patch version in Oracle 12c, read more here)
  6. Apply Oracle one-off patches only for critical fixes that cannot wait for relevant fixes that will be included in the release vehicles. 

That’s a quick overview of how to patch your Oracle database. In addition, the Oracle merge patch helps save time by merging multiple patches into one, mitigating the need to duplicate common tasks. 

Remain a Step Ahead and Reduce Your Security Risk with Oracle EBS 

In order to stay secure, your systems must stay current. This is why Oracle emphasizes the importance of timely updates. There are no surprises here–Oracle’s Critical Patch Updates run on a predictable schedule, allowing customers to be prepared and effectively plan for these updates, therefore mitigating the risk of security gaps. 

Upcoming Oracle security patches will be released on:

  • 20 October 2020
  • 19 January 2021
  • 20 April 2021
  • 20 July 2021

Panaya can help minimize risk to your organization by providing real-time visibility into your system without the need for database admin, enabling all stakeholders to collaborate efficiently and effectively. 

Hindsight is 20/20 but Oracle EBS ensures that you get it right the first time, with its proactive approach to critical security. Follow the Oracle patching best practices above to act swiftly during the next update and minimize your risk of a security breach. 

Learn how to adopt and practice a proactive approach to online patching. Read this guide.

Key Takeaways

  • Regular and timely application of Oracle’s Critical Patch Updates is crucial to minimize security risks.
  • Understanding the Mean Time to Patch (MTTP) helps in measuring and improving the efficiency of deploying security patches.
  • Following a structured approach to applying patches in Oracle Apps R12 ensures comprehensive security coverage.
  • Tools like Panaya provide real-time visibility and collaboration capabilities, helping organizations stay ahead in managing their Oracle EBS security.

Choose The Right Tool

Panaya Release Dynamix for Patches & Customizations
Change Intelligence for EBS Patching

Oracle CPU with Panaya
Learned to Love Oracle Patching

How I Stopped Worrying and Learned to Love Patching

Make the Most of Oracle EBS and Cloud Infrastructure

Get the Guide

Want To Learn More About Panaya?

We’re Hiring!

Apply now on our Career Center or via Linkedin

Start changing with confidence

Book a demo
Skip to content