infoTECH Feature

January 15, 2014

Oracle's Patching Problem: Released 144 Patches This Week

Remember when Microsoft software by far had the most holes? That is far from the case today. In fact, Oracle and Adobe are bigger problems.

Don’t believe it? Then why did Oracle release 144 patches this week, 36 of them for Java alone? For Java, 34 of the holes can be used to launch remote attacks without the need for authentication – a big problem indeed.

The last time Oracle patched was in October, when it issued 127 fixes. This is far different from Microsoft, which issues patches each and every month on what is known as Patch Tuesday. Oracle middleware, such as the GlassFish Server and WebCenter, can also be compromised remotely without needing a password and user name. 22 patches were released to address this problem.

Oracle’s supply chain tools can be attacked this very same way, and there are now six patches to block these exploits.

The New Word on Patching

Two issues are making patching more critical than ever. First, our applications and operating systems grow larger and more complex every day, creating a larger attack surface. Second, hackers are using automated attacks and at the same time sharing their malicious code with like-minded hackers.

At the same time, more than 90 percent of breaches could have been stopped if the systems were properly patched.

Gartner is all over this issue. “In the darkest woods of IT, patching 3rd party application on a desktop remains a significant challenge for many organizations. Patching server OSs (Windows and Linux/UNIX) and 3rd party server applications also remains challenging due to fragility of many server environments. Add virtualization to the mix – and you have a full-blown slow-cooking disaster. And then you have Java…a security disaster in a league of its own,” wrote Gartner analyst Anton Chuvakin in a recent blog. “Java, Adobe Reader and Flash, Firefox, Oracle fat clients as well as many vertical and business-specific applications are often patched MUCH later than Windows and Office.”
Edited by Cassandra Tucker