Oracle recently released its quarterly set of patches to address vulnerabilities in its products. The patches came with a message urging customers, in strong terms, to actually install patches once they are available.
The reprimand stems from the fact that the company has received several reports regarding vulnerabilities for which a patch has already been released.
Unnecessary vulnerabilities
In a statement, Oracle said that, from time to time, it receives reports of attempts to exploit certain vulnerabilities. In some cases the attacks were reportedly successful, and they could have been prevented if customers had installed the available Oracle patches.
334 Oracle patches
Critical bugs are said to have been found in Enterprise Manager, MySQL and software that falls under Oracle's so-called Supply Chain products. The new set of patches contains a total of 334 fixes, of which 43 are said to be critical and, according to the company, should be installed immediately.
Temporary solutions
Although Oracle insists that the patches be installed, the company still has advice for customers who have not yet done so. Companies could reduce the risk of attack by blocking the network protocols required for an attack. In addition, certain access privileges could be limited for employees for whom these privileges are not essential.
Oracle warns, however, that these measures could adversely affect the functionality of some products. It is therefore recommended that they be applied only to systems that are not absolutely necessary.
Danger of negligence
The importance of keeping security patches up to date is underlined by the Equifax incident in 2017. This involved a data leak that was partly due to negligence with regard to new patches. In this case, there were more than 8,500 patches that should already have been installed.