Cyber Security Institute


Tuesday, August 31, 2004

Oracle users: Monthly patch cycle prudent

Oracle Corp. has taken a page from Microsoft’s playbook, adopting its own monthly patch release.

Despite criticism of Microsoft’s patch cycle, reaction to Oracle’s decision so far seems positive.

The Redwood Shores, Calif.-based company announced its decision to do monthly security updates last week after news of 34 vulnerabilities in multiple versions of its database server—the majority of them critical—was widely reported.

Generally, the flaws have to do with the Procedural Language/Structured Query Language and its triggers.  One flaw allows an attacker to gain control of the database server without a userID or password, while others allow low-privileged users to take over the database server.

“Oracle is moving to a monthly patch rollup model because we believe a single patch encompassing multiple fixes, on a predictable schedule, better meets the needs of our customers,” an Oracle spokesman added. “The problem isn’t when patches aren’t available, it’s when the patches are released and people don’t apply them.”

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1002437,00.html

Posted on 08/31