Oracle drops massive 299 vulnerability patch, fixes Shadow Broker exploit

Oracle's huge security update impacts most of the firm's product families.
Written by Charlie Osborne, Contributing Writer

Oracle has released a patch that fixes a total of 299 vulnerabilities, breaking the firm's previous record, set in July, when it resolved a total of 276 security flaws.

On Wednesday, the software giant issued a security advisory, which documented 299 security fixes for software in most of the company's product families including Oracle Database Server, Fusion Middleware, Enterprise Manager Base platform, PeopleSoft Enterprise, and Java, among others.

The majority of the fixes are for Oracle Financial Services, Retail, Communications, and MySQL software. As noted by Qualys, the vulnerabilities found within these families can be exploited remotely via HTTP to completely hijack vulnerable systems.

Oracle has patched 39 MySQL bugs, 39 Oracle Retail bugs and 47 Financial Services vulnerabilities, and it has issued 8 Java security fixes.

Oracle has disclosed that out of 299 vulnerabilities, over 100 are remotely exploitable.

Among the bugs smoothed over is CVE-2017-3622, a vulnerability discovered in Solaris 10 and 11.3 through the Shadow Brokers dump.

The Shadow Brokers exploit, dubbed EXTREMEPARR, can be used for privilege escalation in Solaris. Another Shadow Brokers vulnerability, Ebbshave (CVE-2017-3623), was addressed by Oracle in a previous update and does not impact Solaris 11.

Oracle has deemed the update "critical" and revealed that the tech giant received reports of attackers successfully exploiting security flaws when software has not been updated and security fixes have not been implemented quickly. The company has urged IT administrators to update their systems "without delay."


Oracle's next round of security updates is due on July 18, 2017.

In related news, Oracle snapped up advertising measurement firm Moat this week in a deal aimed at improving the Oracle Data Cloud's ad publishing tool portfolio. Moat joins a swathe of new acquisitions by Oracle in recent years, including Dutch code deployment startup Wercker and API development startup Apiary.
