Don’t believe it? Then why did Oracle release 144 patches this week, 36 of them for Java alone? For Java, 34 of the holes can be used to launch a remote attack without the need for authentication – a big problem indeed.
The last time Oracle patched was in October, when it issued 127 fixes. This is far different from Microsoft, which issues patches each and every month on what is known as Patch Tuesday. Oracle middleware, such as the GlassFish Server and WebCenter, can also be compromised remotely without needing a password and user name. 22 patches were released to address this problem.
The New Word on Patching
Two issues are making patching more critical than ever. First, our applications and operating systems grow larger and more complex every day, creating a larger attack surface. Second, hackers are using automated attacks while sharing their malicious code with like-minded hackers.
At the same time, more than 90 percent of breaches could have been stopped if the systems had been properly patched.
Gartner is all over this issue. “In the darkest woods of IT, patching 3rd party application on a desktop remains a significant challenge for many organizations. Patching server OSs (Windows and Linux/UNIX) and 3rd party server applications also remains challenging due to fragility of many server environments. Add virtualization to the mix – and you have a full-blown slow-cooking disaster. And then you have Java…a security disaster in a league of its own,” wrote Gartner analyst Anton Chuvakin in a recent blog. “Java, Adobe Reader and Flash, Firefox, Oracle fat clients as well as many vertical and business-specific applications are often patched MUCH later than Windows and Office.”