Oracle released their quarterly critical patch update today. This patch addresses a record number of 334 vulnerabilities across a wide set of Oracle supported products.
Vulnerabilities in Weblogic, Oracle Spatial, and Oracle Fusion Middleware MapViewer are rated with CVSS scores of 9.8. Deserialization based attacks within Weblogic server has been used as attack vectors in the past year, and used to install crypto miner campaigns. It is likely that these types of campaigns will continue for the forseeable future.
We recommend the review of the full CPU release to identify impacted software packages within your organization, and make plans to address those that create the largest risk. The full bulletin is available at Oracle at the URL http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html .
Scott Fendley ISC Handler
Jul 18th 2018
10 months ago