Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Oracle Critical Patch Update Release InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Oracle Critical Patch Update Release

Published: 2018-07-17
Last Updated: 2018-07-18 02:38:21 UTC
by Scott Fendley (Version: 1)
0 comment(s)

Oracle released their quarterly critical patch update today.  This patch addresses a record number of 334 vulnerabilities across a wide set of Oracle supported products.

Vulnerabilities in Weblogic, Oracle Spatial, and Oracle Fusion Middleware MapViewer are rated with CVSS scores of 9.8.  Deserialization based attacks within Weblogic server has been used as attack vectors in the past year, and used to install crypto miner campaigns.  It is likely that these types of campaigns will continue for the forseeable future.

We recommend the review of the full CPU release to identify impacted software packages within your organization, and make plans to address those that create the largest risk.  The full bulletin is available at Oracle at the URL http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html .

 

Scott Fendley ISC Handler

0 comment(s)
Diary Archives