Oracle Issues Massive Security Update
Microsoft wasn't the only company that released a massive update today. Oracle pushed out its final update of the year, complete with 85 security fixes.
Oracle initially announced it was fixing 81 vulnerabilities. Of the 85 patches released today, 33 are focused on the Oracle applications suites, with the breakdown as follows: six for Oracle e-Business, two for Oracle Supply Chain products, 21 for the Oracle PeopleSoft and JDEdwards suite, and four for the Oracle Siebel suite.
Thirty-one of the vulnerabilities affect the Oracle Sun product suite (Solaris), including 11 Oracle classified as remotely exploitable. There are also eight fixes for Oracle Fusion Middleware, seven for the Oracle database, one in Oracle Enterprise Manager Grid Control, one in the Oracle Primavera suite and four for Oracle VM.
"It's like a perfect storm, with two of the biggest software companies out there releasing very large patch sets on the same day," said Alex Rothacker, manager of TeamSHATTER at database security firm Application Security. "However, most companies are not automatically applying these patches the minute they come out, but instead they will spread the patching out over a period of time. Also, as far as the Oracle Database is concerned, most installations are on Linux and other Unix variants and are not affected by the Microsoft patches. It will definitely keep IT departments busy, but it shouldn't cause any undue havoc."
Microsoft released 16 security bulletins today to cover 49 vulnerabilities across its product line, including Windows, Internet Explorer, Microsoft Office and the .NET Framework.