Oracle has just issued a patch addressing a large number of vulnerabilities, 299 to be exact. This sets a new record, surpassing last year’s July patch of 276 flaws.
The company has addressed 39 MySQL and 39 Oracle Retail flaws, 47 Financial Services flaws, and 8 Java bugs. Of the 299 vulnerabilities, more than 100 are deemed remotely exploitable.
299 Security Patches Issued by Oracle in April 2017 Advisory
The software company has just released a security advisory documenting the 299 security flaws in most of its products, such as Oracle Database Server, Fusion Middleware, Enterprise Manager Base Platform, PeopleSoft Enterprise, and Java. However, most of the fixes are for Oracle Financial Services, Retail, Communications, and MySQL software. The flaws in these products could be exploited remotely via HTTP, which could lead to the complete hijacking of the vulnerable systems.
Oracle also fixed 25 instances of the infamous Apache Struts vulnerability, which could allow a remote attacker to take complete control of the server running Struts, as pointed out by Qualys. In addition, the Struts fix was applied to 19 instances of Oracle Financial Services Applications, together with WebCenter, WebLogic, Siebel, Oracle Communications, MySQL and Oracle Retail.
CVE-2017-3622 Also Fixed
CVE-2017-3622 is one of the flaws discovered in Solaris 10 and 11.3 via the Shadow Brokers dump. Not surprisingly, the patch is critical, and according to reports received by Oracle, the flaw has been successfully exploited in outdated software. IT admins should therefore patch vulnerable systems as soon as possible to avoid attacks.
The Java Fixes
As reported by Qualys, Java SE was patched with 8 security fixes, 7 of which could be exploited remotely without authentication. AWT, JCE and other Java networking components were also affected and could have been exploited via FTP, SMTP and other protocols.
In conclusion, this has been another huge set of patches in which Oracle has issued 299 security fixes concerning all product families, addressing Apache Struts and patching an additional 162 flaws that could be exploited remotely.