Administrators and security teams are in for a hectic week tackling 14 Microsoft security bulletins and 2 Adobe updates addressing 4 CVEs for Flash/Shockwave, while Oracle has released its quarterly update for 63 of its product suites (including Java, Oracle DB, MySQL and Solaris).

Of the 14 Microsoft security bulletins, 4 remote code execution vulnerabilities are rated as “Critical”, including an Internet Explorer (IE) vulnerability that affects all known versions (v6 - v11) and CVE-2015-2373, a vulnerability in Remote Desktop allowing remote code execution. Overall, a ton of updates, but nothing that initially comes across as out of the ordinary. The remaining bulletins address elevation of privilege vulnerabilities and are rated as “Important” by Microsoft.

Summary of Oracle's Critical Patch Update Advisory:

  • Oracle Database Server: 10 new security fixes (highest CVSS score: 9.0)
    • Including 2 remotely exploitable vulns that don't require authentication
  • Oracle Fusion Middleware: 39 new security fixes (highest CVSS score: 7.5)
    • 36 of these vulnerabilities may be remotely exploitable without authentication
  • Oracle Hyperion: 4 new security fixes (highest CVSS score: 7.5)
  • Oracle Enterprise Manager Grid Control: 3 new security fixes (highest CVSS score: 5.5)
  • Oracle E-Business Suite: 13 new security fixes (highest CVSS score: 5.0)
  • Oracle Supply Chain Products Suite: 7 new security fixes (highest CVSS score: 5.0)
  • Oracle PeopleSoft Products: 8 new security fixes (highest CVSS score: 6.2)
  • Oracle Siebel CRM: 5 new security fixes (highest CVSS score: 9.3)
  • Oracle Commerce Platform: 2 new security fixes (highest CVSS score: 6.4)
  • Oracle Communications Applications: 2 new security fixes (highest CVSS score: 10.0)
  • Oracle Java SE: 25 new security fixes (highest CVSS score: 10.0)
  • Oracle Sun Systems Products: 21 new security fixes (highest CVSS score: 10.0)
  • Oracle Virtualization: 11 new security fixes (highest CVSS score: 7.8)
  • Oracle MySQL: 18 new security fixes (highest CVSS score: 6.5)
  • Oracle Berkeley DB: 25 new security fixes (highest CVSS score: 6.9)

Reminder to all: 2015-07-14 was the last update for Windows Server 2003; it is now at end-of-life (EOL) and will no longer receive updates unless you've acquired an extended support contract from Microsoft.

Enjoy the patching frenzy.