Skip to main content
Tag

patch strategy

||

Oracle Drops Critical Update Bomb

By News, Patch ManagementNo Comments

Over 300 Vulnerabilities: 49 Rated as Critical

Oracle has just dropped its October 2018 update and it is a big one! Over 300 security flaws are addressed in this massive release. 49 of those flaws carry a critical CVSS rating (9 or higher).

One of these scored a ‘perfect’ critical rating of 10!

The flaw in question is CVE-2018-2913 for Oracle GoldenGate. According to Oracle’s Advisory, the flaw “may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.”

Of the remaining critical flaws, 45 have a CVSS rating of 9.8. This release is tackling a huge group of major vulnerabilities. Any organization running Oracle products should immediately scan their networks to figure out just how many devices require these updates.

Simplify Patch Management Tasks

If you want to make the patch management process more efficient, look to an IT solution such as Syxsense. The inventory scan feature can be set to regularly check your network and then display that information in easy to understand icons and graphs.

Then, move to the Patch Manager feature to set up a task to remediate the now obvious vulnerabilities. A task will be prepopulated for rapid deployment, or there are a multitude of controls to facilitate the update release strategy that works best for your unique environment.

Massive update bombs don’t have to wreak havoc on your work week. Discover a better way to manage your updates with Syxsense.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||||||

Severe Oracle Vulnerabilities

By NewsNo Comments

WebLogic Server Needs Immediate Patching

If you are using an Oracle WebLogic Server in your environment, you must patch it now.

This easily exploitable vulnerability allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server.

Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. To compound this further, it is currently being exploited and has been assigned a CVSS score of 9.8 out of 10.

More Oracle Updates

Oracle has released its July 2018 updates to address a total of 334 security vulnerabilities, the largest number of flaws resolved with a Critical Patch Update (CPU) to date. Over 200 of the bugs may be remotely exploitable without authentication.

Robert Brown, Director of Services for Verismic said, “IT Managers are so focused on patching Windows, that they lose focus on the applications within their environment which can be exploited just as easy as the OS.”

Your patching strategy should accommodate all weaknesses. This includes the applications used within your environment.

All Oracle customers are advised to apply the fixes included in Oracle’s Critical Patch Updates without delay, as some of the addressed vulnerabilities are being targeted by malicious actors in live attacks.

I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

[vc_separator]

I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.