Oracle Corp said on Tuesday it has released its Critical Patch Update for January 2018 to address 237 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to obtain access to sensitive information.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible. Until users apply the Critical Patch Update fixes, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack, said Oracle.
For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack.
Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.