Oracle have revealed when their Critical Patch Updates (CPUs) for 2019 and early 2020 will be released. In line with the messaging from Oracle, we strongly advise that our clients apply Critical Patch Updates as soon as possible after their release to ensure the optimisation of their products and continued security against malicious attacks.
Critical Patch Updates are collections of security fixes for Oracle products. They are available to customers with valid support contracts. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes.
We can provide our clients with a patch management strategy as part of any managed service or as a one off piece of professional service. We would always recommend that the customer be on the latest patch release, however we understand that this may not always be possible due to restrictions in the adjoining application.
The latest Oracle CPU was released in January and contains three new security fixes for the Oracle Database Server. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without requiring user credentials. None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed. You can read more about this Critical Patch Update here.
If you would like assistance with the testing and application of these patches, or would simply just like to speak to one of our highly-qualified consultants before you embark on an upgrade programme, please don't hesitate to contact us