Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Supply Chain Security

Oracle’s First Security Update for 2023 Includes 327 New Patches

Oracle’s Critical Patch Update for January 2023 includes 327 patches, with more than 70 that address critical-severity vulnerabilities.

Oracle on Tuesday announced the release of its first Critical Patch Update for 2023, which includes 327 new security patches. More than 70 fixes address critical-severity vulnerabilities.

Over 200 of the patches resolve security defects that can be exploited remotely without authentication. Some of the resolved bugs impact multiple products.

The highest number of new fixes was released by the tech giant for Oracle Communications, at 79. Of these, 63 vulnerabilities are remotely exploitable without authentication and 19 have a ‘critical severity’ rating.

Oracle’s January 2023 CPU includes 50 security patches that resolve flaws in Fusion Middleware. Thirty-nine of the bugs can be exploited by a remote, unauthenticated attacker, and 14 are rated ‘critical’.

Many patches were also released for Communications Applications (39 patches, including 31 for remotely exploitable without authentication) and for MySQL (37 fixes, eight for unauthenticated, remotely exploitable flaws).

Other Oracle enterprise software that received numerous patches this month includes Financial Services Applications (16 patches – 12 remotely exploitable, unauthenticated issues), E-Business Suite (12 – 10), PeopleSoft (12 – 10), Database Server (9 – 1), Supply Chain (8 – 5), Utilities Applications (7 – 7), Construction and Engineering (7 – 4), Food and Beverage Applications (7 – 2), Support Tools (6 – 6), and Virtualization (6 – 1).

Oracle’s January 2023 CPU also includes security patches for Essbase, GoldenGate, TimesTen In-Memory Database, Commerce, Enterprise Manager, Health Sciences Applications, HealthCare Applications, Hospitality Applications, Hyperion, Insurance Applications, Java SE, JD Edwards, Retail Applications, Siebel CRM, and Systems.

The tech giant also announced that, while no new patches were rolled out for applications such as Big Data Graph, Global Lifecycle Management, Graph Server and Client, and Spatial Studio, updates were made available for them to address third-party issues. Oracle released third-party patches for other products as well.

As usual, Oracle encourages customers to apply the available patches as soon as possible, underlining that it has received reports of malicious attempts to exploit unpatched issues for which fixes are available.

Related: Oracle Releases 370 New Security Patches With October 2022 CPU

Related: Oracle Releases 349 New Security Patches With July 2022 CPU

Related: Oracle Releases 520 New Security Patches With April 2022 CPU

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Vulnerabilities

A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.