ARLINGTON, Va. - U.S. CERT (United States Computer Emergency Readiness Team) issued two alerts in April, one on the security vulnerabilities of various Oracle products and the other on Microsoft and the vulnerabilities discovered in Windows.
Oracle released a Critical Patch Update in April that addresses more than seventy vulnerabilities in different Oracle products and components. The Critical Patch Update provides information about which components are affected, what access and authorization are required, and how data confidentiality, integrity, and availability may be impacted.
The impact of these vulnerabilities varies depending on product or component and configuration. Potential consequences include remote execution of arbitrary code or commands, information disclosure, and denial of service. An attacker who compromises an Oracle database may be able to gain access to sensitive information.
US-CERT strongly recommends that sites running Oracle review the Critical Patch Update, apply patches, and take other mitigating action.
Oracle HTTP Server is based on the Apache HTTP Server. According to Oracle, the Critical Patch Update addresses a number of previously disclosed Apache vulnerabilities. Oracle Database Client-only installations are not affected.
On April 3, Microsoft released a Security Bulletin that addresses vulnerabilities in various Windows applications and components. Exploitation of some vulnerabilities can result in the remote execution of arbitrary code by a remote attacker. Details of the vulnerabilities and their impacts are provided below.
Exploitation of these vulnerabilities may permit a remote attacker to execute arbitrary code on a vulnerable Windows system, or cause a denial-of-service condition. The solution is to apply the patch.
For further information, click on Microsoft.Com




