News Short

Oracle Updates Leave Serious Windows Vulnerability
April 18, 2007 — IDG News Service (San Francisco Bureau) — Some Oracle customers using the Windows operating system will have to wait another two weeks to receive a critical software update to their database software, thanks to a glitch that came up in testing the company's latest patches.

On Tuesday, Oracle unveiled its quarterly release of software patches, fixing not only database flaws, but also bugs in a host of other applications. In total, the patches fix 36 vulnerabilities, 13 of which relate directly to the database.

However, the most serious database flaw discussed in April's Critical Patch Update will not actually become available for users of the 9.2.0.8 version of Oracle's database until April 30, due to an issue that was uncovered in testing, said Darius Wiles, a manager with Oracle Security Alerts. The bug affects only the Windows platform and is patched on all other supported versions of the database, he added.

That flaw, known as DB01, is in the Core relational database management system (RDBMS) component of Oracle's database. It can be exploited remotely over the network, and unlike most of the database flaws patched this quarter, an attacker does not need valid database credentials to exploit it.

Wiles said it was the most critical flaw patched by Oracle this month. It is the only database flaw patched this quarter to be given the relatively severe 7.0 rating on the Common Vulnerability Scoring System. All other database patches scored a 3.4 or less.

One security expert said it looks like this flaw could be used to shut down or gain access to a database. In theory, it could even be exploited to run unauthorized software on the database server, said Alexander Kornbrust, a business director at Red-Database-Security. "I think people will now concentrate on this vulnerability," he said.

Also patched in this quarterly release are Oracle's Application Server, Collaboration Suite, E-Business Suite and Enterprise Manager, as well as the company's PeopleSoft and JD Edwards applications.

Oracle said that with its upcoming July 17 update, it will scale back the number of patches it releases for its server and middleware products. Starting next quarter, the company will not automatically produce patches for certain versions of its products on platforms that are rarely used. "Instead of systematically creating a Critical Patch Update for those inactive combinations, we will only produce those patches if clients specifically request them," wrote Eric Maurice, a manager in Oracle's global technology business unit, in a blog posting.

Though these patches will not be shipped as part of the quarterly security updates, they will eventually make their way into Oracle's products through Oracle's other software update mechanisms, which update code less frequently than the Critical Patch process, a company spokeswoman said.
