Analyst group Gartner has warned administrators to be "more aggressive"
when protecting their Oracle applications because they are not getting enough
help from the database giant.
Gartner published an advisory on its Web site just days after Oracle's latest
quarterly patch cycle, which included a total of 103 fixes with 37 related to
flaws in the company's database products. Some of the flaws carry Oracle's
most serious rating, which means they're easy to exploit and an attack can have
a wide impact.
According to the advisory, which was posted Monday by Gartner analyst Rich Mogull, "the range and seriousness of the
vulnerabilities patched in this update cause us great concern...Oracle has not
yet experienced a mass security exploit, but this does not mean that one will
Mogull said that because Oracle has historically been seen as having very
strong security and many of Oracle's products are located "deep within the
enterprise," administrators often neglect their patching
"Moreover, patching is sometimes impossible, due to ties to legacy versions
that Oracle no longer supports. These practices are no longer acceptable," said
Mogull who advises administrators to pay more attention to securing their Oracle
Mogull said administrators should:
• Immediately shield these systems as well as possible, using firewalls,
intrusion prevention systems and other technologies.
• Apply available patches as rapidly as possible.
• Use alternative security tools, such as activity-monitoring
technologies, to detect unusual activity.
• Pressure Oracle to change its security management practices.
Oracle did not immediately respond to requests for comment.
In response to the Oracle patch release, Symantec raised its ThreatCon global
threat index to Level 2, which means an outbreak is expected. It typically does
that after a patch release because malicious hackers might use the fixes as a
blueprint for attacks.
Munir Kotadia of ZDNet Australia reported from Sydney. CNET News.com's Joris Evers contributed to this report from San Francisco.