By Robert McMillan
IDG News Service
April 20, 2007
Oracle probably worried some DBAs earlier this week when it released its
Critical Patch Update but neglected its most critical database flaw of
the quarter for 220.127.116.11 users on the Windows platform. At the time,
Oracle said this fix would come on April 30, but now it looks like
Oracle has found a way to get the patch out.
Oracle's Eric Maurice made the announcement on Friday afternoon. So if
you're running Oracle Database Server 18.104.22.168 on Windows you can rest a
bit easier ... once you've finished testing.
Turns out that security researcher David Litchfield first discussed this
flaw in November 2005. After Oracle released its Critical Patch Update
this week, he published this research note, discussing this and a few
other flaws that were patched this month. Litchfield, managing director
of Next Generation Security Software, says he first reported the bug to
Oracle in 2002.
Subscribe to InfoSec News