Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: Oracle Critical Patch Update Release - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Oracle Critical Patch Update Release

Oracle released their quarterly critical patch update today.  This patch addresses a record number of 334 vulnerabilities across a wide set of Oracle supported products.

Vulnerabilities in Weblogic, Oracle Spatial, and Oracle Fusion Middleware MapViewer are rated with CVSS scores of 9.8.  Deserialization based attacks within Weblogic server has been used as attack vectors in the past year, and used to install crypto miner campaigns.  It is likely that these types of campaigns will continue for the forseeable future.

We recommend the review of the full CPU release to identify impacted software packages within your organization, and make plans to address those that create the largest risk.  The full bulletin is available at Oracle at the URL http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html .

 

Scott Fendley ISC Handler

ScottF

188 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!