Risk: Informational
Oracle is following Microsoft's lead in adopting a monthly patch cycle starting at the end of August.
Like Microsoft before it, Oracle reckons a monthly patch schedule is easier for its customers. Oracle was heavily criticised earlier this month by UK-based Next Generation Security Software (NGS Software) for its delay in releasing fixes for 34 security vulnerabilities it had unearthed. Oracle is holding up the release of fixes - developed two months ago, according to NGS Software - until its new patch distribution system is ready to go live.
An Oracle spokeswoman broke the firm's silence on the issue by confirming that NGS Software had discovered security vulnerabilities that affect Oracle Database, Oracle Application Server and Oracle Enterprise Manager. She declined to say how many bugs were involved.
Oracle is promising all the necessary patches will be ready by 31 August, at which point an alert will be issued. Meanwhile NGS Software is using its research on Oracle vulnerabilities to develop an intrusion prevention system designed to protect Oracle database servers, to be called dbfw.