Starting this month, Oracle is supplementing the quarterly Critical Patch Update (CPU) fixes with monthly security releases focused on high-priority vulnerabilities.
The first monthly Critical Security Patch Update (CSPU) will roll out on May 28, addressing critical-severity vulnerabilities in the company’s products.
It will be followed by a second CSPU on June 16, and a third on August 18. In July, Oracle will release the usual quarterly CPU, which will contain both fixes for new security defects and the patches included in the prior CSPUs.
“This approach enables customers in customer-managed environments to reduce exposure by applying critical fixes sooner, without waiting for the next quarterly cycle,” the company says.
As before, organizations using Oracle-managed cloud services will receive the new security updates automatically, while self-managed customers will need to apply the fixes themselves.
The move to a faster patch rollout, Oracle says, is fueled by the broad adoption of AI across its environments to aid with code analysis, security testing, and vulnerability detection.
“The latest generation of AI is transforming how software vulnerabilities are identified and fixed, increasing the speed and scale of discovery and remediation,” Oracle notes.
Oracle’s use of frontier AI models has improved its vulnerability detection capabilities, allowing it to identify risks earlier, improve protections, and strengthen code.
As such, the monthly security updates will complement the quarterly cumulative rollouts to enable customers to resolve critical-severity flaws more quickly on premises.
“Security depends on identifying vulnerabilities quickly and applying fixes just as quickly. Oracle is using AI, including frontier models, to improve how issues are found and to accelerate how fixes are delivered, including the introduction of monthly CSPUs,” the company says.
Related: Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
Related: Critical Remote Code Execution Vulnerability Patched in Android
Related: Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
Related: SonicWall Urges Immediate Patching of Firewall Vulnerabilities
