Oracle has released almost 400 critical patches for its products, and while doing so urged IT pros to not only install them fast but also older security updates as well.
“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches,” the company said in its April critical patch update advisory. “In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.”
The 397 patches in the latest updates include 15 patches for Java SE, 51 patches for Oracle Fusion Middleware, 74 patches for Oracle E-Business Suite and 16 patches for Oracle Knowledge.
Oracle partner Waratek, which makes application security products, noted the 397 patches are 18 per cent more than were issued in January’s critical update release and a 33 per cent increase from last April’s release.
According to Security Week, roughly 60 of the newly addressed vulnerabilities are considered critical severity, with more than 55 of them featuring a CVSS score of 9.8. Around 90 vulnerabilities have a CVSS score of 8.0 or higher.