Oracle released patches for 370 vulnerabilities and 200 of them are remotely exploitable. Patch now

Oracle released 370 fixes as part of its quarterly batch of security upgrades . More than 50 critical-severity flaws are fixed by the October 2022 Critical Patch Update (CPU). Over 200 of the most recent security updates address flaws that may be remotely exploited without authentication.

Retail Applications and Communications Applications each received 27 fixes (21 remotely exploitable, unauthenticated flaws each), Financial Services Applications received 24 fixes, and MySQL received 37 new security updates (11 remotely exploitable, unauthenticated flaws) (16).

Oracle also released bug fixes for Siebel CRM (14 patches, including 12 for remotely exploitable flaws), Supply Chain (13 patches), JD Edwards (10 patches), Virtualization (10 patches), Java SE (9 patches), PeopleSoft (8 patches), Systems (8 patches), Database Server (8 patches), and Virtualization (10 patches).

Patches for GoldenGate, Secure Backup, Commerce, Construction and Engineering, E-Business Suite, Enterprise Manager, HealthCare Applications, Hospitality Applications, Hyperion, Insurance Applications, and Utilities Applications were also included in this October’s update.

Periodically, Oracle is still informed about attempts to intentionally exploit security flaws for which security updates have previously been made available. Attackers have reportedly been successful in certain cases since the targeted consumers did not deploy the latest Oracle patches. Oracle urges users to stick with actively supported versions and update immediately with security fixes from Critical Patch Updates.