eSecurity Planet has the story on the first quarterly patch update from Oracle — which tackles 24 new vulnerabilities, including a slew of serious security holes.
Oracle is now out with its first quarterly critical patch update (CPU) of 2010, fixing 24 flaws spread across Oracle’s product portfolio. Affected products include Oracle’s namesake database server as well as the Oracle Application Server, E-Business Suite, Secure Backup, PeopleSoft Enterprise and WebLogic Servers.
Of particular note is the severity of the flaws in the January CPU — and the potential impact on affected systems.
“Thirteen of the 24 new vulnerabilities are remotely exploitable without authentication,” Eric Maurice, manager for security in Oracle’s global technology business unit, wrote in a blog post. “This means that an attacker could attempt to exploit these vulnerabilities, should the targeted systems be exposed on the network (as opposed to being hidden behind a firewall for example) remotely without requiring a username or password.”