Oracle has issued four critical patches just a day after
Microsoft released its monthly
Patch Tuesday Windows update.
In a notice on the database company's website, Oracle
recommended that users apply the fixes as soon as possible.
The
patches cover many Oracle products, including versions of
Oracle Database 11g, 9i, Oracle E-Business Suite Release 12,11i,
Oracle WebLogic Server 9.0 8.1 and Oracle JRockit.
Oracle said, "Until you apply the CPU fixes, it may be possible
to reduce the risk of successful attack by restricting network
protocols required by an attack. For attacks that require certain
privileges or access to certain packages, removing the privileges
or the ability to access the packages from unprivileged users may
help reduce the risk of successful attack. Both approaches may
break application functionality, so Oracle strongly recommends that
customers test changes on non-production systems. Neither approach
should be considered a long-term solution as neither corrects the
underlying problem."
Last month Adobe was slammed for releasing a
patch the same time as the March Patch Tuesday.
Natalie Lambert, principal analyst at Forrester Research, said,
"In an ideal world it would make sense for the IT companies to
co-ordinate their patch releases, but this is not always possible,
if there is a live exploit." Instead she urged IT departments to
create an internal schedule for testing and deploying patches.