Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Oracle Critical Patch Update October

Published: 2012-10-17
Last Updated: 2012-10-17 03:19:56 UTC
by Mark Hofman (Version: 1)
2 comment(s)

Oracle has just released their critical patch update http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Quite  a number of products are being patched also for those of you subject to PCI DSS there are a significant number of patches addressing issues with a CVSS score of 4 or higher, which must be patched under the standard.

They have also released a critical patch update for Java http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html 

The info in the Oracle bulletin is comprehensive and should allow you to identify what needs to be done fairly easily.  Both bulletins have the following wording in the work around section "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible." For most of us not new (at least not on the java side), but maybe a strong argument if you get pushback on patching.

Happy patching, as always test before you implement.

Mark H - shearwater
 

2 comment(s)
Diary Archives