Oracle drops massive 299 vulnerability patch, fixes Shadow Broker exploit
Oracle has released a patch which fixes a total of 299 vulnerabilities, breaking the firm's previous record in July which resolved a total of 276 security flaws.
On Wednesday, the software giant issued a security advisory which documented 299 security fixes for software in most of the company's product families including Oracle Database Server, Fusion Middleware, Enterprise Manager Base platform, PeopleSoft Enterprise and Java, among others.
The majority of the fixes are for Oracle Financial Services, Retail, Communications, and MySQL software. As noted by Qualys, the vulnerabilities found within these families can be exploited remotely via HTTP to completely hijack vulnerable systems.
In total, Oracle has patched 39 MySQL and 39 Oracle Retail bugs, 47 Financial Services vulnerabilities, and issued 8 Java security fixes.
Oracle has disclosed that out of 299 vulnerabilities, over 100 are remotely exploitable.
Among the bugs smoothed over is CVE-2017-3622, a vulnerability discovered in Solaris 10 and 11.3 through the Shadow Brokers dump.
The Shadow Brokers exploit, dubbed EXTREMEPARR, can be used for privilege escalation in Solaris. Another Shadow Brokers vulnerability, Ebbshave (CVE-2017-3623), was addressed by Oracle in a previous update and does not impact Solaris 11.
Oracle has deemed the update "critical" and revealed that the tech giant has received reports of attackers successfully exploiting security flaws when software has not been updated and security fixes have not been implemented quickly. The company has urged IT administrators to update their systems "without delay."
Oracle's next round of security updates is due on 18 July 2017.