Just How Critical Is Oracle’s Latest Critical Patch Update?


Oracle released its latest Critical Patch Update in July 2020, which included record-breaking security updates. If that seems familiar, that’s because it is. Oracle breaks records with each patch release. 

This time, however, the release announcement included a special note that puts the blame for security breaches directly on customers’ inaction: “attackers have been successful because targeted customers had failed to apply available Oracle patches.” In the announcement, Oracle continues to urge customers to “remain on actively-supported versions” and to apply Critical Patch Updates without delay.

On July 14th, 2020, Oracle released its own security advisory and third-party security advisories for its July 2020 Critical Patch Update (CPU), which fix 433 new security vulnerabilities, many of which affect multiple products. Hundreds of them are remotely exploitable without authentication.

With its latest release, Oracle E-Business Suite (EBS) continues to ensure that security is top of mind. 

How I Stopped Worrying and Learned to Love Patching

Oracle EBS can integrate with various systems, either on-premises or hosted in the cloud, leaving organizations vulnerable to various security risks. The patch update is crucial for both on-premises and Oracle cloud infrastructure patching.

Let’s take a look into the newest Oracle security patch and how it benefits your organization. 


Oracle EBS’s July 2020 Patch 

The Oracle Critical Patch Update for July 2020 includes 433 new security patches across Oracle EBS and a variety of other product families including Fusion Middleware, Database Server, Application Testing Suite, PeopleSoft, and Agile PLM. This collection of patches helps prevent various security vulnerabilities.

Here are some of the ways Oracle CPU Patches benefit you: 

Keeping Businesses Secure by Staying Current

A whopping 70% of enterprise businesses are exposed to critical risk. Chances are your organization is one of many that is exposed. What are you doing to prevent it? 

Many of these organizations install critical updates just once or twice annually and do not address security until disaster strikes. The downside is that there are security risks an organization may not be aware of until it’s too late.

Due to the breadth of business processes that Oracle EBS manages, an attack against the system would enable the theft of critical information across your enterprise. 

Oracle’s “stay current” policy emphasizes the importance of on-time updates and enables businesses to minimize vulnerabilities and keep their data safe. 

Ensuring Predictability 

Predictability is key when it comes to Oracle’s Critical Patch program. By providing transparency into the Critical Patch Update schedule, organizations can avoid security gaps. Knowing exactly when each update will take place allows plenty of time to plan ahead. 

Taking a Proactive Approach 

It’s easier to prevent the fire than to put it out after it’s already started. To mitigate the risk of a disaster, it’s critical to account for security vulnerabilities and plan Critical Patch Updates accordingly. By making critical updates on time, you’ll be taking a proactive approach to security. 

The latest Oracle Critical Patch Update continues to ensure these capabilities. 

A Timeline of Previous Critical Patches 

With every new release, Oracle breaks its own records in patching security vulnerabilities. 

Previous Oracle Critical Patch Updates included the following:

  • Oracle Critical Patch Update, April 2017: This Critical Patch Update included 300 security fixes across the various Oracle product families as well as Oracle Linux security patches.
  • Oracle Critical Patch Update, July 2017: The July 2017 Oracle Critical Patch Update fixed 308 bugs and vulnerabilities in a broad range of Oracle products. It also included 22 fixes to Oracle EBS. 
  • Oracle Critical Patch Update, October 2017: The October 2017 Critical Patch Update contained 252 security fixes for the Oracle product family. 
  • Oracle Critical Patch Update, April 2019: The April 2019 Critical Patch Update contained 297 security fixes across Oracle products. 
  • Oracle Critical Patch Update, July 2019: Oracle’s July 2019 Critical Patch Update contained 319 new security fixes. 
  • Oracle Critical Patch Update, October 2019: The Oracle Critical Patch Update Advisory in October 2019 covered 219 security fixes including the Oracle Java SE Critical Patch Update and a variety of other products within the Oracle family. 

How to Apply Critical Oracle Security Patches

Before we get into the how-tos of applying Critical Patches, let’s talk a bit more about Oracle EBS security. One of the most important questions businesses need to address is “how long does it take to deploy Oracle security patches into the production environment?” 

The Mean Time to Patch (MTTP) is the answer. MTTP measures the time needed to deploy patches to your technologies. The faster you can deploy these patches, the more you’ll lower your organization’s mean time to patch. 
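To make the metric concrete, here is an added example (not code from Oracle or Panaya) that computes MTTP for production and flags any CPU that was still undeployed when the next scheduled CPU shipped. The release dates come from this article; the deployment dates and the function name `patch_report` are constructed for illustration.

```python
from datetime import date
from statistics import mean

# CPU release dates taken from the article (July 2020 CPU plus the announced schedule).
CPU_RELEASES = [date(2020, 7, 14), date(2020, 10, 20), date(2021, 1, 19),
                date(2021, 4, 20), date(2021, 7, 20)]

# Constructed sample data: date each CPU reached production (None = not deployed yet).
PROD_DEPLOYED = {
    date(2020, 7, 14): date(2020, 9, 1),
    date(2020, 10, 20): date(2021, 2, 2),
    date(2021, 1, 19): date(2021, 3, 10),
    date(2021, 4, 20): None,
}

def patch_report(releases, deployed, today):
    """Return (mttp_days, rows); each row is (release, days_exposed, status).

    status: "ok"      deployed before the next CPU was released
            "late"    deployed, but only after the next CPU was already out
            "open"    not deployed yet, next CPU not released yet
            "overdue" not deployed and the next CPU is already out
    """
    releases = sorted(releases)
    rows, closed = [], []
    for i, rel in enumerate(releases):
        if rel > today:
            continue  # this CPU has not been released yet
        done = deployed.get(rel)
        is_done = done is not None and done <= today
        days = ((done if is_done else today) - rel).days
        nxt = releases[i + 1] if i + 1 < len(releases) else None
        if is_done:
            closed.append(days)  # only completed deployments count toward MTTP
            status = "late" if nxt and done >= nxt else "ok"
        else:
            status = "overdue" if nxt and today >= nxt else "open"
        rows.append((rel, days, status))
    return (mean(closed) if closed else None), rows

if __name__ == "__main__":
    mttp, rows = patch_report(CPU_RELEASES, PROD_DEPLOYED, date(2021, 5, 1))
    print(f"MTTP (production): {mttp} days")
    for rel, days, status in rows:
        print(f"  CPU {rel}: exposed {days} days [{status}]")
```

Open items are excluded from the mean, so a low MTTP can hide a backlog; track the "open" and "overdue" rows alongside it.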

Now, let’s look into the process of installing Oracle patches step by step. 

How to Apply Critical Patches in Oracle Apps R12.X

There are various types of patches in Oracle Apps R12, from product patch sets to rollup patches. Here’s a quick rundown of how to apply a patch in Oracle Apps R12, as per Oracle’s guidelines:

  1. Apply the AD and TXK updates in order to get the most updated patching tools version. 
  2. Apply the most up-to-date EBS update pack. 
  3. Apply the latest Oracle EBS family packs as well as those on the recommended patch list. 
  4. Apply the most recent Critical Patch Updates. 
  5. Apply the most recent Oracle Patch Set Updates (PSU) along with associated EBS interoperability patches. (For more information on Oracle PSUs, such as how to apply a PSU patch in Oracle or how to check the PSU patch version in Oracle 12c, read more here.)
  6. Apply Oracle one-off patches only for critical fixes that cannot wait for relevant fixes that will be included in the release vehicles. 

That’s a quick overview of how to patch your Oracle database. In addition, the Oracle merge patch helps save time by merging multiple patches into one, mitigating the need to duplicate common tasks. 

Remain a Step Ahead and Reduce Your Security Risk with Oracle EBS 

In order to stay secure, your systems must stay current. This is why Oracle emphasizes the importance of timely updates. There are no surprises here–Oracle’s Critical Patch Updates run on a predictable schedule, allowing customers to be prepared and effectively plan for these updates, therefore mitigating the risk of security gaps. 

Upcoming Oracle security patches will be released on:

  • 20 October 2020
  • 19 January 2021
  • 20 April 2021
  • 20 July 2021

Panaya can help minimize risk to your organization by providing real-time visibility into your system without the need for database admin, enabling all stakeholders to collaborate efficiently and effectively. 

Hindsight is 20/20 but Oracle EBS ensures that you get it right the first time, with its proactive approach to critical security. Follow the Oracle patching best practices above to act swiftly during the next update and minimize your risk of a security breach. 

Learn how to adopt and practice a proactive approach to online patching. Read this guide.
