Connect with us

Hi, what are you looking for?



Oracle Patches 200 Vulnerabilities With January 2024 CPU

Oracle releases 389 new security patches to address 200 vulnerabilities as part of the first Critical Patch Update of 2024.


Oracle on Tuesday announced 389 new security patches as part of its first Critical Patch Update (CPU) of 2024, including dozens that deal with critical-severity vulnerabilities.

SecurityWeek has identified roughly 200 unique CVEs in Oracle’s January 2024 CPU. More than 200 security patches resolve bugs that can be exploited by remote, unauthenticated attackers.

This month, Financial Services Applications was the most impacted product, receiving 71 new security patches, including 54 for vulnerabilities that can be exploited remotely without authentication.

Numerous security patches were also released for Communications (55 patches – 43 for remotely exploitable, unauthenticated flaws), Communications Applications (43 – 25), MySQL (40 – 12), and Fusion Middleware (39 – 29).

Oracle’s January 2024 CPU includes updates for E-Business Suite (19 patches – 14 for vulnerabilities exploitable remotely, without authentication), Analytics (17 – 11), Java SE (13 – 11), Enterprise Manager (12 – 11), Hyperion (11 – 10), JD Edwards (9 – 6), Systems (9 – 3), and for a dozen other products.

As usual, the patches for some of these vulnerabilities address additional security holes as well. The CPU also includes fixes for multiple non-exploitable flaws.

Some of the bugs impact multiple applications and Oracle released separate security patches for each of the affected products.

The tech giant urges all customers to apply the patches as soon as possible, warning that it periodically receives reports of in-the-wild exploitation of issues for which it has released fixes.

Advertisement. Scroll to continue reading.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible,” the company notes.

On Tuesday, Oracle also published a new bulletin to describe the vulnerabilities resolved in Oracle Linux over the past two months, and a Solaris Third Party bulletin, with details on patches for third party software distributed with Oracle Solaris.

For 2024, Oracle plans to release three more Critical Patch Updates, on the third Tuesday of April, July, and October.

Related: Oracle Patches 185 Vulnerabilities With October 2023 CPU

Related: Oracle Releases 508 New Security Patches With July 2023 CPU

Related: Oracle Releases 433 New Security Patches With April 2023 CPU

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.