Oracle issues January 2020 Critical Patch Update
Oracle released its January 2020 Critical Patch Update with fixes for hundreds of vulnerabilities across Database, Middleware, Java, and business applications, requiring expedited patch rollouts and testing across Oracle estates.
Executive briefing: Oracle published its January 2020 Critical Patch Update on , supplying fixes for 334 vulnerabilities across Database, Fusion Middleware, Java SE, MySQL, PeopleSoft, and other product families. Thirty-one flaws in Java SE and 51 in Fusion Middleware carry network exploitable attack vectors without authentication, prompting accelerated remediation for internet-exposed Oracle services and middleware tiers.
Operator action: Inventory Oracle deployments by product family and version, prioritize internet-facing Fusion Middleware, WebLogic, and Java runtimes for immediate patching, and stage CPU testing in pre-production. Coordinate with DBAs and application owners on downtime windows, review Oracle's risk matrices for CVSS 9+ items, and update third-party packages that bundle Java to the latest CPU build.
Sources: The CPU advisory lists affected components and CVSS ratings; Java SE release notes document build numbers and compatibility requirements.