Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Supply Chain Security

Oracle’s First Security Update for 2023 Includes 327 New Patches

Oracle’s Critical Patch Update for January 2023 includes 327 patches, with more than 70 that address critical-severity vulnerabilities.

Oracle on Tuesday announced the release of its first Critical Patch Update for 2023, which includes 327 new security patches. More than 70 fixes address critical-severity vulnerabilities.

Over 200 of the patches resolve security defects that can be exploited remotely without authentication. Some of the resolved bugs impact multiple products.

The highest number of new fixes was released by the tech giant for Oracle Communications, at 79. Of these, 63 vulnerabilities are remotely exploitable without authentication and 19 have a ‘critical severity’ rating.

Oracle’s January 2023 CPU includes 50 security patches that resolve flaws in Fusion Middleware. Thirty-nine of the bugs can be exploited by a remote, unauthenticated attacker, and 14 are rated ‘critical’.

Many patches were also released for Communications Applications (39 patches, including 31 for remotely exploitable without authentication) and for MySQL (37 fixes, eight for unauthenticated, remotely exploitable flaws).

Other Oracle enterprise software that received numerous patches this month includes Financial Services Applications (16 patches – 12 remotely exploitable, unauthenticated issues), E-Business Suite (12 – 10), PeopleSoft (12 – 10), Database Server (9 – 1), Supply Chain (8 – 5), Utilities Applications (7 – 7), Construction and Engineering (7 – 4), Food and Beverage Applications (7 – 2), Support Tools (6 – 6), and Virtualization (6 – 1).

Oracle’s January 2023 CPU also includes security patches for Essbase, GoldenGate, TimesTen In-Memory Database, Commerce, Enterprise Manager, Health Sciences Applications, HealthCare Applications, Hospitality Applications, Hyperion, Insurance Applications, Java SE, JD Edwards, Retail Applications, Siebel CRM, and Systems.

The tech giant also announced that, while no new patches were rolled out for applications such as Big Data Graph, Global Lifecycle Management, Graph Server and Client, and Spatial Studio, updates were made available for them to address third-party issues. Oracle released third-party patches for other products as well.

Advertisement. Scroll to continue reading.

As usual, Oracle encourages customers to apply the available patches as soon as possible, underlining that it has received reports of malicious attempts to exploit unpatched issues for which fixes are available.

Related: Oracle Releases 370 New Security Patches With October 2022 CPU

Related: Oracle Releases 349 New Security Patches With July 2022 CPU

Related: Oracle Releases 520 New Security Patches With April 2022 CPU

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.