Oracle has released a critical patch update fixing 167 vulnerabilities across hundreds of its products, warning that the worst of them could be remotely exploited by hackers.
The pressing fixes involve several of Oracle's most widely used products and scored a full 10.0 rating on the CVSS 2.0 Base Score for vulnerabilities, the highest score available.
"The highest CVSS 2.0 Base Score for vulnerabilities in this critical patch update is 10.0 for Fujitsu M10-1 of Oracle Sun Systems Products Suite, Java SE of Oracle Java SE, M10-4 of Oracle Sun Systems Products Suite and M10-4S Servers of Oracle Sun Systems Products Suite," read the advisory.
"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply critical patch update fixes as soon as possible."
Oracle warned that the updates for Fujitsu M10-1 of Oracle Sun Systems Products Suite are particularly important.
"This critical patch update contains 29 new security fixes for the Oracle Sun Systems Products Suite," the advisory said.
"Ten of these vulnerabilities may be remotely exploitable without authentication [and] may be exploited over a network without the need for a username and password."
The Oracle Java SE update fixes 19 flaws, 14 of which were also remotely exploitable.
The next most serious flaws relate to Oracle's Fusion Middleware, which received 35 security fixes. The worst carries a 9.3 rating and could also be remotely exploited.
The update follows reports that hackers are targeting enterprise companies with malware-laden patches purporting to come from Oracle.
The news comes during a period of heated debate about patching best practice. Microsoft announced plans on 9 January to stop offering non-paying customers advanced patch notifications.
The announcement led to a backlash in the security community, many feeling that the move is a money-grabbing tactic by Microsoft.
Google Project Zero researchers publicly disclosed the bug in December 2014 having privately reported it to Microsoft in September. The move led to a debate about what constitutes responsible threat disclosure.
Open source solutions provider makes acquisition in bid to shore up cloud development tools business
Aims to "end data bottlenecks"
Looking to boost your career in IT? Here are the best-earning roles out there!
The BlackBerry KeyOne is a strange device that brings the best of BlackBerry and Android together in a Qwerty-equipped package, but it won't be for everyone