From 2f3cbf0e08c8e6711e017d5ac9ef7f101a89131c Mon Sep 17 00:00:00 2001
From: TWangmo <125948963+TWangmo@users.noreply.github.com>
Date: Mon, 22 Apr 2024 08:16:05 +0800
Subject: [PATCH] 20240419002-Oracle-Critical-Patch-Update-for-April-2024
 (#658)

* 20240416004-Critical-Rust-Standard-Library-Vulnerability

* Format markdown files

* 20240419002-Oracle-Critical-Patch-Update-for-April-2024

* Format markdown docs

---------

Co-authored-by: GitHub Actions <actions@github.com>
Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com>
Co-authored-by: TWangmo <TWangmo@users.noreply.github.com>
---
 ...le-Critical-Patch-Update-for-April-2024.md | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 docs/advisories/20240419002-Oracle-Critical-Patch-Update-for-April-2024.md

diff --git a/docs/advisories/20240419002-Oracle-Critical-Patch-Update-for-April-2024.md b/docs/advisories/20240419002-Oracle-Critical-Patch-Update-for-April-2024.md
new file mode 100644
index 000000000..21e331a07
--- /dev/null
+++ b/docs/advisories/20240419002-Oracle-Critical-Patch-Update-for-April-2024.md
@@ -0,0 +1,22 @@
+# Oracle Critical Patch Update for April 2024 - 20240419002
+
+## Overview
+
+Oracle released its quarterly Critical Patch Update Advisory for April 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
+
+## What is vulnerable?
+
+| Product(s) Affected                                                        | Summary                                                                                                         | Dated          |
+| -------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | -------------- |
+| [List of Products](https://www.oracle.com/security-alerts/cpuapr2024.html) | These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. | 18 April, 2024 |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month.* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Oracle Patch](https://www.oracle.com/security-alerts/cpuapr2024.html)
+- [CISA](https://www.cisa.gov/news-events/alerts/2024/04/18/oracle-releases-critical-patch-update-advisory-april-2024)