Oracle slammed over security issue
Database giant Oracle has been slammed over a quarterly security update that patched some 82 vulnerabilities.
Research firm Gartner said the sheer number, coupled with the severity of many, meant that ‘Oracle can no longer be considered a bastion of security’.
Gartner says the company is providing far too little information about the scope and nature of the flaws, that unsupported products mean some companies may find it impossible to secure their servers, that no manual workarounds are described and that the patches themselves have at least anecdotally proven unstable and difficult to install.
The company says that database administrators typically rely on the fact that the servers are deep within the heart of the enterprise rather than at the network perimeter. This has led many to only apply updates irregularly.
However, proof of concept and exploit code are already available on the Internet and while Oracle has yet to suffer a mass security exploit, there’s no reason to suppose it won’t in future.
Gartner says Oracle customers should apply the update as soon as possible alongside other security measures including intrusion detection systems and other technologies. It also urges customers to engage Oracle in improving its security processes.