14 DAY TRIAL // Following Microsoft's announcement that it is preparing a record number of security fixes for next week, Oracle also revealed plans to release a monster batch of patches.
Three days ago Microsoft announced through its Advance Notification Service that the upcoming "Patch Tuesday" on October 12 will see the release of 16 security bulletins covering a total of 49 vulnerabilities.
This is the largest set of security updates released by Microsoft to date, the previous record being established in August, when the company plugged 34 holes.
The vulnerabilities affect various components in Windows, Internet Explorer, Microsoft Office and Sharepoint Server. Many of them allow for remote code execution and are rated critical or important.
In comparison, Oracle's Critical Patch Update for October, which will land on the same day, will address a whooping 81 security issues.
The company has provided this list of affected products:
· Oracle Sun Product Suite · Agile PLM, version 9.3.0.0 · Siebel Core, versions 7.7, 7.8, 8.0 and 8.1 · Oracle Database 11g Release 2, version 11.2.0.1 · Oracle Database 11g Release 1, version 11.1.0.7 · Oracle Database 10g Release 2, versions 10.2.0.3 and 10.2.0.4 · Oracle Database 10g, Release 1, version 10.1.0.5 · Oracle Fusion Middleware, 11gR1, versions 11.1.1.1.0 and 11.1.1.2.0 · Oracle Application Server, 10gR3, version 10.1.3.5.0 · Oracle Application Server, 10gR2, version 10.1.2.3.0 · Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0 and 10.1.3.4.1 · Oracle Identity Management 10g, versions 10.1.4.0.1 and 10.1.4.3 · Oracle Transportation Management, versions 5.5, 6.0, and 6.1 · Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2 · Oracle E-Business Suite Release 11i, versions 11.5.10 and 11.5.10.2 · PeopleSoft Enterprise EPM, Campus Solutions, versions 8.9 and 9.0 · PeopleSoft Enterprise PeopleTools, versions 8.49 and 8.50 · PeopleSoft Enterprise CRM, FMS, HCM and SCM (Supply Chain), versions 8.9, 9.0 and 9.1 · Primavera P6 Enterprise Project Portfolio Management, versions 6.21.3.0 and 7.0.1.0
Thirty-one vulnerabilities are located in the Oracle Sun Products Suite alone and some are common to multiple products.
The most critical issue affects Solaris Scheduler and carries the highest possible base score (10.0) on the CVSS 2.0 scale.
It looks like system admins have their work cut out for them on prioritizing, testing and deploying patches across their networks.