Oracle Debuts Monthly Critical Security Patch Updates

Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster.

Starting this month, Oracle is supplementing the quarterly Critical Patch Update (CPU) fixes with monthly security releases focused on high-priority vulnerabilities.

The first monthly Critical Security Patch Update (CSPU) will roll out on May 28, addressing critical-severity vulnerabilities in the company’s products.

It will be followed by a second CSPU on June 16, and a third on August 18. In July, Oracle will release the usual quarterly CPU, which will contain both fixes for new security defects and the patches included in the prior CSPUs.

“This approach enables customers in customer-managed environments to reduce exposure by applying critical fixes sooner, without waiting for the next quarterly cycle,” the company says.

As before, organizations using Oracle-managed cloud services will receive the new security updates automatically, while self-managed customers will need to apply the fixes themselves ...