Share

Oracle probably worried some DBAs earlier this week when it released its Critical Patch Update, but failed to deliver on its most critical database flaw of the quarter for 9.2.0.8 users on the Windows platform.

At the time, Oracle said this fix would come on 30 April, but now it looks like Oracle has found a way to get the patch out.

Oracle's Eric Maurice made the announcement on 20 April. So if you're running Oracle Database Server 9.2.0.8 on Windows you can rest a bit easier... once you've finished testing.

Turns out that security researcher David Litchfield first discussed this flaw in November 2005.

After Oracle released its Critical Patch Update this week, he published a research note, discussing this and a few other flaws that were patched this month.

Litchfield, managing director of Next Generation Security Software, says he first reported the bug to Oracle in 2002.