Today’s topics include Microsoft enabling businesses to use Azure Site Recovery to migrate from Windows Server 2008, and Oracle patching 301 vulnerabilities in the October update.
Enterprise users who are looking for migration alternatives for their Windows Server 2008 32-bit applications as the end of support approaches for the product in January 2020 can now turn to Azure Site Recovery to perform the migrations and extend support for those applications on Azure through 2023.
The new option was announced by Sue Hartford, senior product marketing manager of Microsoft’s Windows Server division, on Oct. 16. The option provides users with three additional years of Extended Security Updates for free in Azure if they migrate their old 32-bit applications from Windows Server 2008 or Server 2008 R2 to Azure virtual machines.
The Azure Site Recovery tool has allowed migrations involving 64-bit versions of Windows Server in the past, and has now been updated to support 32-bit application migrations.
Oracle’s final Critical Patch Update for 2018 is now available, patching 301 vulnerabilities spread across Oracle’s product portfolio. Of the 301 vulnerabilities, 49 are rated with a Common Vulnerabilities Security Scoring score of 9.0 or higher, with only a single issue garnering the top severity rating of 10.0.
The October CPU became generally available on Oct.16 and includes patches for both first-party and third-party components that Oracle develops and ships in its products. While 301 flaws is a large number, it is actually fewer than the 334 that Oracle patched in the last CPU that it released on July 18.
The most severe flaw of the 301 was in Oracle’s GoldenGate software, which the NIST National Vulnerability Database claims is an “Easily exploitable vulnerability [that] allows unauthenticated attackers with network access via TCP to compromise Oracle GoldenGate. … While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products.”