Oracle To Issue Patch To Close Vulnerability In Database Server, Other Products

earlier patch that Oracle released last month

The potential attack vector was initially disclosed at last month's Black Hat conference in Las Vegas.

"This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without the need for a username and password," reads the Oracle Security Alert for CVE-2012-3132. "A remote authenticated user can exploit this vulnerability to gain 'SYS' privileges and impact the confidentiality, integrity and availability of un-patched systems."

However, the exploit is listed as having "low complexity," indicating that someone without extensive technical expertise could carry out the attack.

Affected versions of Oracle Database Server include,,,, and Earlier versions that are no longer under vendor support are likely to be affected as well.

The company says versions and do not require patching if the July 2012 Critical Patch Update has been applied.

Oracle recommends that customers apply the patches as soon as possible.

The expected Oracle patches will coincide with Microsoft's Patch Tuesday, which occurs on the second Tuesday of every month. This month's Microsoft dispatch includes nine bulletins, five of which are rated as critical, with the remaining four rated as important.

For the sake of efficiency, IT managers and channel partners are being urged to merge patches from both vendors into a combined, high-priority workflow.

Published Aug. 13, 2012