Is It Possible to Apply Workarounds Instead of Installing Critical Patch Updates?
Oracle believes that the timely application of Critical Patch Updates is necessary for organizations to maintain a proper security in-depth posture. In certain instances, Oracle can provide specific workaround instructions if the workaround does not negatively impact other Oracle products. More generally, the information provided in the Critical Patch Update Advisory risk matrices can be used by customers to reduce or mitigate risk. For example, a security vulnerability in a product component that is unused on a particular system can be mitigated by uninstalling the component. Vulnerabilities that require an attacker to have certain privileges can be partially mitigated by restricting those privileges to trusted users. Oracle recommends that customers test workarounds or configuration changes on non-production environments before making changes to production systems.
