Subscribe to the InfoTech eNewsletter

infoTECH Feature

January 15, 2014

Oracle's Patching Problem: Released 144 Patches This Week

Remember when Microsoft software by far had the most holes? That is far from the case today. In fact Oracle and Adobe (News - Alert) are bigger problems.

Don’t believe it? Then why did Oracle release 144 patches this week, 36 of them for Java alone. For Java, 34 of the holes can be used to launch remote attack without the need for authentication – a big problem indeed.

The last time Oracle patched was in October, when it issued 127 fixes. This is far different than Microsoft (News - Alert) which issues patches each and every month on what is known as Patch Tuesday. Oracle middleware, such as the GlassFish Server and WebCenter, can also be compromised remotely without needing a password and user name. 22 patches were released to address this problem.

Oracle’s (News - Alert) supply chain tools can be attacked this very same way, and there are now six patches to block these exploits.

The New Word on Patching

Two issues are making patching more critical than ever. First, our applications and operating systems grow larger and more complex every day, creating a larger attack surface, and hackers are using automated hacking attacks and at the same time sharing their malicious code with like-minded hackers.

At the same time more than 90 percent of breaches could have been stopped if the systems were properly patched.

Gartner (News - Alert) is all over this issue. “In the darkest woods of IT, patching 3rd party application on a desktop remains a significant challenge for many organizations. Patching server OSs (Windows and Linux/UNIX) and 3rd party server applications also remains challenging due to fragility of many server environments. Add virtualization to the mix – and you have a full-blown slow-cooking disaster. And then you have Java…a security disaster in a league of its own,” wrote Gartner analyst Anton Chuvakin in a recent blog. “Java, Adobe Reader and  Flash, Firefox, Oracle fat clients as well as many vertical and business-specific applications are often patched MUCH later than Windows and Office.”

Edited by Cassandra Tucker

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers