Oracle recently released their latest Critical Patch Update which fixes vulnerabilities “in hundreds of Oracle products”. From a database perspective: it fixes 17 database vulnerabilities, two of them that can be exploited remotely without authentication. There are vulnerabilities in many of their modules, from the core RDBMS to the options like Spatial and Auditing.
Seeing the large number of vulnerabilities in Oracle’s DBMS always brings up lots of discussions and comparisons with SQL Server. Did you know that SQL Server has not had any critical vulnerabilities since September 2004? Jeff Jones does a great job digging into this and looking at the facts. It’s pretty amazing to see these comparisons and although software is rarely vulnerability free the comparison here is quite interesting.
Of course, I’m glad to see Oracle publishing these fixes and working with the security industry to address critical vulnerabilities. In the meantime, Oracle DBA’s can download the latest patch directly from Oracle here.
Oracle unbreakable? I don’t think so.