Security Experts:

Connect with us

Hi, what are you looking for?


Supply Chain Security

Oracle’s First Security Update for 2023 Includes 327 New Patches

Oracle’s Critical Patch Update for January 2023 includes 327 patches, with more than 70 that address critical-severity vulnerabilities.

Oracle on Tuesday announced the release of its first Critical Patch Update for 2023, which includes 327 new security patches. More than 70 fixes address critical-severity vulnerabilities.

Over 200 of the patches resolve security defects that can be exploited remotely without authentication. Some of the resolved bugs impact multiple products.

The highest number of new fixes was released by the tech giant for Oracle Communications, at 79. Of these, 63 vulnerabilities are remotely exploitable without authentication and 19 have a ‘critical severity’ rating.

Oracle’s January 2023 CPU includes 50 security patches that resolve flaws in Fusion Middleware. Thirty-nine of the bugs can be exploited by a remote, unauthenticated attacker, and 14 are rated ‘critical’.

Many patches were also released for Communications Applications (39 patches, including 31 for remotely exploitable without authentication) and for MySQL (37 fixes, eight for unauthenticated, remotely exploitable flaws).

Other Oracle enterprise software that received numerous patches this month includes Financial Services Applications (16 patches – 12 remotely exploitable, unauthenticated issues), E-Business Suite (12 – 10), PeopleSoft (12 – 10), Database Server (9 – 1), Supply Chain (8 – 5), Utilities Applications (7 – 7), Construction and Engineering (7 – 4), Food and Beverage Applications (7 – 2), Support Tools (6 – 6), and Virtualization (6 – 1).

Oracle’s January 2023 CPU also includes security patches for Essbase, GoldenGate, TimesTen In-Memory Database, Commerce, Enterprise Manager, Health Sciences Applications, HealthCare Applications, Hospitality Applications, Hyperion, Insurance Applications, Java SE, JD Edwards, Retail Applications, Siebel CRM, and Systems.

The tech giant also announced that, while no new patches were rolled out for applications such as Big Data Graph, Global Lifecycle Management, Graph Server and Client, and Spatial Studio, updates were made available for them to address third-party issues. Oracle released third-party patches for other products as well.

As usual, Oracle encourages customers to apply the available patches as soon as possible, underlining that it has received reports of malicious attempts to exploit unpatched issues for which fixes are available.

Related: Oracle Releases 370 New Security Patches With October 2022 CPU

Related: Oracle Releases 349 New Security Patches With July 2022 CPU

Related: Oracle Releases 520 New Security Patches With April 2022 CPU

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...