Oracle’s monster update emphasizes flaws in critical business applications

Fahmida Y. Rashid | July 24, 2017
Oracle hasn’t been “just” a database company in a long time, and nowhere is that more evident than in its quarterly critical patch update release, where the bulk of the fixes are in business applications like PeopleSoft and E-Business Suite.

It is only recently that researchers have started digging into business applications such as Oracle EBS and PeopleSoft. They weren’t originally built with security in mind and are typically not covered under traditional IT and security defenses. Considering the critical nature of these applications, securing them gets tougher when downtime isn’t an option.

Not patching, or delaying, isn’t an option

Attackers don’t bother with zero-day vulnerabilities when they can exploit flaws that have been disclosed publicly. Just because a patch is available doesn’t mean the software has been updated. Consider that the WannaCry ransomware worm easily spread globally because of the number of Windows systems that had not yet been updated with the security update. Security teams are overburdened and under-resourced; they cannot apply physical patches fast enough to stay ahead of the attackers. But these applications need to be updated—they contain too many critical pieces of information to risk having them open to attack.

 
