I was startled by the results of an informal survey taken in an Apps security-related session at Collaborate 07 last week.  The majority of session attendees indicated that they were two or more Critical Patch Updates (CPUs) behind the latest release.


I’ll just underline the obvious:  Critical Patch Updates deliver critical security-related fixes for all of your Oracle technology stack components, including patches for E-Business Suite Release 11i and 12. 

It’s also important to note that Critical Patch Updates for the E-Business Suite are generally not cumulative.  Apps sysadmins need to apply all of the released CPUs to their E-Business Suite environment to get all of the latest security-related fixes.

I would strongly recommend adding these patches to your regular E-Business Suite maintenance cycle.  The CPU release dates are published in advance, which should help you schedule their application proactively.

Critical Patch Update for April 2007 now available

The Critical Patch Update Advisory is the starting point for relevant information. It includes the list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities for each product suite, and links to other important documents. Supported products that are not listed in the “Supported Products and Components Affected” section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important, pertinent information.

The next four Critical Patch Update release dates are:
  • July 17, 2007
  • October 16, 2007
  • January 15, 2008
  • April 15, 2008