Oracle Prioritizes Security with Largest Critical Patch Update Ever

No company has ever patched as many vulnerabilities in a single patch update as Oracle did this month. The update fixes 308 bugs and vulnerabilities across a broad array of Oracle products, including 22 fixes to Oracle E-Business Suite,18 of which may be remotely exploitable without authentication.


Not all vulnerabilities are equal, with the most severe typically being those that are remotely exploited without authentication. In the July CPU, there are a total of 165 remotely exploitable vulnerabilities across the Oracle software portfolio. Looking at vulnerability ratings with the Common Vulnerabilities Scoring System (CVSS), there are 27 issues with a rating between 9.0 and 10.0.


Oracle updates are incrementally increasing in size. The previous record high for Oracle was April 2017, when the company fixed 299 vulnerabilities across its software portfolio. To date in 2017, Oracle’s quarterly CPU has patched a total of 878 vulnerabilities. The next update is expected on October 17th, 2017.


The update includes 22 fixes to Oracle E-Business Suite,18 of which may be remotely exploitable without authentication.

This block renders a quote for the post drawn from the post's custom fields. Modify the quote below the content editor in the Quote fields.

Staying Secure is about Staying Current

Digital transformation requires your systems to integrate and interface with other business applications both within and outside your organization. Today, your Oracle EBS has multiple interfaces to multiple systems, both on premise and in the cloud, which can greatly impact your organization’s vulnerability and expose it to security breaches.


In fact, Panaya’s research shows that 70% of enterprise organizations today are exposed to security vulnerabilities and critical risk! Organizations tend to bundle critical patch updates, installing them only once or twice a year. To stay secure, Oracle does not only recommend this critical patch update be applied as soon as possible, but also continuously emphasizes the urgency of updating on time with a “stay current” policy using the Oracle releases.

Oracle EBS Security: How Can You Be More Proactive?

In today’s sensitive security climate, organizations without effective Oracle EBS security are quite simply at risk. However, applying the right KPIs, organizations can proactively protect themselves by accurately assessing the risk. We’ve put together a webinar to get your organization started on keeping Oracle EBS safe. Let Panaya’s Oracle experts walk you through all the steps to making your oracle EBS secure.