Oracle on Tuesday announced the release of its first Critical Patch Update for 2023, which includes 327 new security patches. More than 70 fixes address critical-severity vulnerabilities.
Over 200 of the patches resolve security defects that can be exploited remotely without authentication. Some of the resolved bugs impact multiple products.
The highest number of new fixes was released by the tech giant for Oracle Communications, at 79. Of these, 63 vulnerabilities are remotely exploitable without authentication and 19 have a ‘critical severity’ rating.
Oracle’s January 2023 CPU includes 50 security patches that resolve flaws in Fusion Middleware. Thirty-nine of the bugs can be exploited by a remote, unauthenticated attacker, and 14 are rated ‘critical’.
Many patches were also released for Communications Applications (39 patches, including 31 for remotely exploitable without authentication) and for MySQL (37 fixes, eight for unauthenticated, remotely exploitable flaws).
Other Oracle enterprise software that received numerous patches this month includes Financial Services Applications (16 patches – 12 remotely exploitable, unauthenticated issues), E-Business Suite (12 – 10), PeopleSoft (12 – 10), Database Server (9 – 1), Supply Chain (8 – 5), Utilities Applications (7 – 7), Construction and Engineering (7 – 4), Food and Beverage Applications (7 – 2), Support Tools (6 – 6), and Virtualization (6 – 1).
Oracle’s January 2023 CPU also includes security patches for Essbase, GoldenGate, TimesTen In-Memory Database, Commerce, Enterprise Manager, Health Sciences Applications, HealthCare Applications, Hospitality Applications, Hyperion, Insurance Applications, Java SE, JD Edwards, Retail Applications, Siebel CRM, and Systems.
The tech giant also announced that, while no new patches were rolled out for applications such as Big Data Graph, Global Lifecycle Management, Graph Server and Client, and Spatial Studio, updates were made available for them to address third-party issues. Oracle released third-party patches for other products as well.
As usual, Oracle encourages customers to apply the available patches as soon as possible, underlining that it has received reports of malicious attempts to exploit unpatched issues for which fixes are available.