
Critical Patch Update for all JDE Users
As an annual January occurrence, Oracle has just released the E1 Critical Patch Update to address vulnerabilities in Oracle E1 Tools Release code.
In January, Oracle releases the tools upgrade vulnerabilities and where they are fixed. We have the new Critical Patch Update for 2025.
The official link is here
https://www.oracle.com/security-alerts/cpujan2025.html
Oracle JD Edwards Risk Matrix
This Critical Patch Update contains 23 new security patches, plus additional third-party patches noted below, for Oracle JD Edwards. Fourteen of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
To reach this level of Tools (9.2.9.2) on a Windows platform, the version of Windows required is Windows 2022, which was not supported until 9.2.8.x. If you choose to remain at Windows 2019 during a Tools upgrade to 9.2.8.x, then a new O/S will be required to get you to 9.2.9.x. If you are already at 9.2.9.1 then it is simply a web only tools upgrade to get you to the newly secured 9.2.9.2 level as it is a web pack tools release.
Basically, when Oracle Drops a Windows Certification like they did with this Tools Release and dropping support for 2019, a full new O/S ground up build will be required to do a tools upgrade.
For history, at tools 9.2.4.1 introduced windows 2019 support, at 9.2.6 they dropped 2016 support, and were only allowing 2019 support until 9.2.8.1, where they added 2022 and the following year at 9.2.9.1, they dropped 2019 support. (One might assume going forward, that in place upgrades are only viable for 2 years).
To find out the effort required to upgrade your system to the newest O/S to support the new Critical Patch Update, contact us today so we can help you to protect your system against vulnerabilities.