Recently, Microsoft announced, its plan to block out-of-date
ActiveX controls starting
Sep 2014. ActiveX is a software component of Microsoft Windows. If you have
Internet Explorer, then ActiveX is already installed on your computer. ActiveXcontrols are small programs, sometimes called add-ons that are
used on the Internet. Oracle Forms in R12 E-Business Suite works on this
ActiveX control (by using specific Java add-on).
Internet Explorer 8
It’s a known fact that, Oracle is slow in expanding the list
of officially certified browsers (and browser versions) with E-Business Suite. That’s
why oracle EBS users and developers (especially midsize enterprises) usually
disable/degrade the browser updates and stick to older versions of IE. This exposes
their computing environments to exploiters. Don’t believe that? Read this Microsoft
SIR Volume 16 (page 14). It says, in 2013, there is an increasing trend
towards reported vulnerabilities because of out-of-date Java Runtime
Environment (JRE). In fact, these accounts to 84.6 to 98.5 percent of total
exploit kit related detections. This number is alarming.
Best way to protect the computing environments is to keep the
JREs updated to latest available in Java
official site. This won’t always be possible for EBS users and developers,
because of two reasons. First, EBS is slow in certifying browser versions and JREs.
Second, even if Oracle certifies, enterprises/businesses needs to complete the
testing cycle, to make sure nothing breaks after upgrades, a significant time
and resource intensive task. Sometimes, these upgrades are not necessarily work
station upgrades and might needs upgrades on EBS servers too.
Well, there is a temporary solution to this dead lock. Just
keep on installing the JRE updates, without major upgrades (i.e from JRE6 to
JRE7 etc.). Oracle recently certified JRE version 6 update 81 with Oracle E-Business
Suite. This update is available as a part of Java JDK tool kit (Patch 19071743: Oracle JDK 6 Update 81 b32).
Permanent solution would be to wait, until Oracle gives up
the conventional certification methodology and come up with bring-your-own-device
(BYOD) approach. This becomes reality when industry adopts
Oracle Fusion middleware.
Reference:
No comments:
Post a Comment