Oracle's Critical Patch Update January 2023 - What's new?

Once every quarter Oracle releases a Critical Patch Update (CPU), which contains a collection of patches for various security vulnerabilities. These apply to both code and third-party components which are part of Oracle products.

This quarter's update includes 323 new security patches across a variety of Oracle products, as well as 216 vulnerabilities that are particularly concerning because they may be remotely exploitable without authentication (over a network without requiring user credentials to access); as a result, we strongly advise customers to apply CPU fixes as soon as possible and prioritise these patches. 

What should I do?

Below, we’ve listed a selection of affected products and the number of identified vulnerabilities for each. If you use any of these products, it’s important you take action to address the potential vulnerabilities in your estate. But don’t worry, DSP-Explorer is here to help. Organisations frequently approach us at this time to utilise our Oracle Consultancy services and stay on top of their patches. So, please get in touch if this is an area of concern for you.

List of identified products and vulnerabilities:

• Oracle Database Server: 9
• Oracle E-Business Suite: 12
• Oracle Essbase: 2
• Oracle Financial Services Applications: 12
• Oracle Fusion Middleware: 50
• Oracle GoldenGate: 3
• Oracle Hyperion: 2
• Oracle Insurance Applications: 1
• Oracle JD Edwards: 2
• Oracle MySQL: 37
• Oracle PeopleSoft: 12
• Oracle Retail Applications: 1
• Oracle Supply Chain: 8
• Oracle Support Tools: 6
• Oracle Systems: 1
• Oracle Utilities Applications: 7 

It can be worrying to see a long list of vulnerabilities, but it's so important that your hardware and applications remain secure. As long as you stay on top of these Critical Patch Updates, your environment will be safe.

If you would like any support or advice on patching or securing your estate please get in touch with our experts, or book a meeting...