긴급 Microsoft, Oracle 패치가 더 넓은 문제를 가리키는가?
Source: Slashdot
Emergency Updates Highlight Update Cycle Issues
Enterprise IT giants Microsoft and Oracle have each released emergency out‑of‑band fixes, drawing attention to ongoing challenges with update cycles and patching practices.
Microsoft Emergency Update (KB5085516)
Issue Details
The update addresses a problem that surfaced after the mandatory cumulative updates rolled out on Patch Tuesday earlier this month. Many users reported being unable to sign into applications with a Microsoft account, encountering a “no internet” error despite having a working connection. This prevented access to multiple services and applications. Organizations using Entra ID were not affected.
Company Response
The emergency patch arrives just days after Microsoft reaffirmed its commitment to software quality, reliability, and stability. In a blog post published 24 hours before the update, Pavan Davuluri of the Windows Insider Program emphasized that updates should be “predictable and easy to plan around.”
Michael Bell, founder and CEO of Suzu Labs, told Computer Weekly that Microsoft’s sign‑in bug patch follows “separate hotpatches for RRAS remote code execution flaws and a Bluetooth visibility bug. Three emergency fixes in eight days does not shout reliability era.”
Oracle Emergency Patch
Vulnerability Details
Oracle’s patch resolves CVE‑2026‑21992, a remote code execution flaw in the REST:WebServices component of Oracle Identity Manager and the Web Services Security component of Oracle Web Services Manager within Oracle Fusion Middleware. The vulnerability carries a CVSS score of 9.8 and can be exploited by an unauthenticated attacker with network access over HTTP.
Impact
Successful exploitation allows an attacker to execute arbitrary code on the affected system, posing a severe risk to organizations that rely on Oracle Fusion Middleware for identity and web services management.
Industry Commentary
Both incidents underscore the tension between rapid security response and the need for stable, predictable update streams. While emergency patches are essential for mitigating critical vulnerabilities, their frequency can erode confidence in the reliability of a vendor’s regular update cadence.
Read more of this story at Slashdot.