The latest in the series of Critical Patch Updates, "Oracle Critical Patch Update - January 2007
" has just been released by Oracle. The patch provides 51 new security fixes across all products. Because there is a real risk of a successful attack, remember a number of this bugs can be expolited remotely without the need for a username and password. Oracle are recommending that the patch is applied as soon as possible. This, I know from experience is difficult fo some customers. There are a few new names in the credits and a few regulars, Alex and the Litchfields. The matrix's list the bugs per product and the lists get easier read each time. Oracle do seem to be making the advisories easier to read. Lets hope that the numbers of bugs fixed each quarter get less and also the number of remotely exploitable bugs without authentication get less, then we will see really good progress.