{"id":1322,"date":"2004-08-31T00:00:00","date_gmt":"2004-08-31T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2004\/08\/31\/oracle-users-monthly-patch-cycle-prudent\/"},"modified":"2021-12-30T11:39:10","modified_gmt":"2021-12-30T11:39:10","slug":"oracle-users-monthly-patch-cycle-prudent","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2004\/08\/31\/oracle-users-monthly-patch-cycle-prudent\/","title":{"rendered":"Oracle users: Monthly patch cycle prudent"},"content":{"rendered":"

Oracle Corp. has taken a page from Microsoft’s playbook, adopting its own monthly patch release.<\/p>\n","protected":false},"excerpt":{"rendered":"

Despite criticism of Microsoft’s patch cycle, reaction to Oracle’s decision so far seems positive.<\/p>\n

The Redwood Shores, Calif.-based company announced its decision to do monthly security updates last week after news of 34 vulnerabilities in multiple versions of its database server — the majority of them critical — were widely reported.<\/p>\n

Generally, the flaws have to do with the Procedural Language\/Structured Query Language and its triggers. One flaw allows an attacker to gain control of the database server without a userID or password, while others allow low-privileged users to take over the database server.<\/p>\n

“Oracle is moving to a monthly patch rollup model because we believe a single patch encompassing multiple fixes, on a predictable schedule, better meets the needs of our customers,” Oracle spokesman added. “The problem isn’t when patches aren’t available, it’s when the patches are released and people don’t apply them.<\/p>\n

http:\/\/searchsecurity.techtarget.com\/originalContent\/0,289142,sid14_gci1002437,00.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1322","post","type-post","status-publish","format-standard","hentry","category-product"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1322","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1322"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1322\/revisions"}],"predecessor-version":[{"id":3809,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1322\/revisions\/3809"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1322"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1322"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}