Patch Tuesday brought updates from over 60 vendors covering operating systems, cloud services, and network appliances, addressing critical risks to integrity and availability. Vendor patch surge highlights coordinated efforts against exploited flaws, including six Microsoft zero-days and SAP code injection. Enterprises face pressure to deploy amid active attacks targeting Windows, SAP CRM, and Intel TDX confidential computing.
Microsoft Zero-Days Patched
Microsoft fixed 59 vulnerabilities, six exploited in wild enabling security bypass, privilege escalation, and DoS in Windows components. Immediate deployment critical for endpoint protection.
| Vulnerability Description |
|---|
| Security feature bypass |
| Privilege escalation |
| Denial-of-service |
SAP Critical Fixes
SAP addressed two CVSS 9+ flaws in CRM/S/4HANA and NetWeaver ABAP.
| CVE Identifier | Vulnerability Description | CVSS Score |
|---|---|---|
| CVE-2026-0488 | SQL injection code injection | 9.9 |
| CVE-2026-0509 | Missing RFC authorization | 9.6 |
Kernel update and profile parameters required; role adjustments may impact processes.
Intel TDX Vulnerabilities
Google/Intel collaboration revealed five CVEs and 34 weaknesses in TDX 1.5 confidential computing.
| CVE Identifier | Vulnerability Description |
|---|---|
| CVE-2025-32007 | TDX module flaw |
| CVE-2025-27940 | TDX module flaw |
| CVE-2025-30513 | TDX module flaw |
| CVE-2025-27572 | TDX module flaw |
| CVE-2025-32467 | TDX module flaw |
Feature parity with virtualization increases TCB complexity.
Adobe Creative Suite Updates
Adobe patched Audition, After Effects, InDesign, Substance 3D, Bridge, Lightroom Classic, DNG SDK. No known exploitation.
Comprehensive Vendor List
Recent weeks saw patches from ABB, AWS, AMD, AMI, Apple, ASUS, AutomationDirect, AVEVA, Broadcom/VMware, Canon, Check Point, Cisco, Citrix, Commvault, ConnectWise, D-Link, Dassault, Dell, Devolutions, dormakaba, Drupal, F5, Fortinet, Foxit, Fujifilm, Fujitsu, Gigabyte, GitLab, Google Android/Chrome/Cloud/Pixel, Grafana, Hikvision, Hitachi, HP/HPE/Aruba/Juniper, IBM, Intel, Ivanti, Lenovo, Linux distros (AlmaLinux to Ubuntu), MediaTek,
Mitsubishi, MongoDB, Moxa, Mozilla, n8n, NVIDIA, Phoenix Contact, QNAP, Qualcomm, Ricoh, Rockwell, Samsung, Schneider, ServiceNow, Siemens, SolarWinds, Splunk, Spring Framework, Supermicro, Synology, TP-Link, WatchGuard, Zoho, Zoom, Zyxel.
Patch deployment via vendor portals essential to mitigate risks across ecosystems.
Vendor patch surge underscores vulnerability proliferation across platforms; timely updates preserve system integrity against zero-days and critical flaws documented by Microsoft, SAP, Adobe, Intel.
No Comment! Be the first one.