Oracle released its Vital Patch Update (CPU) for October 2020 on Tuesday, which contains 402 new protection updates released through the product range of the company.
Details on patches issued after the previous CPU is included in the guidance for the new CPU, but the patches are usually retrospective, Oracle notices. To ensure their devices are secure, consumers are also encouraged to check details on recently published updates.
Oracle published two versions of the advisory this month: a revised one where specifics are listed under the risk matrix of the product on patches for security bugs in third-party components that are not exploitable as implemented in Oracle products, and the standard advisory (which lists a total of 421 patches).
Without protection, more than half of the 402 new security fixes included in the CPU this month can be accessed remotely.
More than 80 of the updates, most with CVSS ratings of 9.8, fix critical-severity bugs. Two of these have CVSS ratings of 10, namely CVE-2020-1953, affecting the Healthcare Base, and CVE-2020-14871, affecting Solaris.
Financial Services Systems are Oracle products that have seen the largest number of recent security patches: 53 patches-49 of the vulnerabilities can be abused by remote, unauthenticated attackers; MySQL: 53 fixes-4 defects can be remotely abused without credentials; Communications: 52 patches-41 weaknesses can be remotely exploited; and Fusion Middleware: 46 patches-36 vulnerabilities are exploited
Next in line are Retail Software (28 patches-25 vulnerabilities that can be remotely abused without credentials), E-Business Suite (27 fixes-25 glitches that can be remotely abused), Web Server (18-4), PeopleSoft (15-12), Corporate Boss (11-10), Networking Applications (9-8), Building and Infrastructure (9-7), Hyperion (9-1), Java SE (8-8), Networks (8-3), Virtualization (7-0), Insurance (7-0),
Utilities Apps (5-3 bugs targeted by remote, unauthenticated attackers), REST Computer Services (5-2), Health Sciences Apps (4-4), TimesTen In-Memory Database (4-4), Food and Beverage Applications (4-3), Supply Chain (4-3), Siebel CRM (3-3), Large Data Graph (1-1), and GraalVM (1-1) are items that saw fewer than five fresh updates this month.
Many of the fixes identified by Oracle in each risk matrix of the goods solve numerous other flaws, some even tens of problems. The patch for CVE-2020-14734, a high-severity bug in the Database Server Text portion, for instance, also contains patches for 38 additional CVEs.
To ensure their devices stay safe, Oracle urges clients to instal the available patches. The organisation also states that warnings of deliberate targeting of previously resolved problems continue to be issued, underscoring the need for prompt patching.
“Oracle highly advises that consumers apply Vital Patch Upgrade protection updates as quickly as possible because of the danger faced by a successful attack. Until you submit the Vital Patch Update updates, by blocking network protocols needed by an attack, Oracle says, it could be possible to reduce the probability of a successful attack.