Critical Patch Update: Microsoft, SAP, and Veeam Vulnerabilities

At Core Integrated Technologies, our top priority is keeping your business secure and compliant — and that starts with staying ahead of critical vulnerabilities before threat actors can exploit them.

This week’s security update includes multiple patches from Microsoft, SAP, and Veeam, addressing several high-severity and zero-day vulnerabilities that could allow attackers to gain administrative access, run unauthorized code, or compromise data.

🔹 What You Need to Know

Microsoft released updates addressing 172 vulnerabilities, including six zero-days and eight rated as critical.
Key issues involve elevation of privilege vulnerabilities in Windows components and a Secure Boot bypass affecting some environments.

SAP published 13 updates, including critical fixes for NetWeaver AS Java, SAP Print Service, and SAP Supplier Relationship Management, which could allow remote code execution or unauthorized file uploads if left unpatched.

Veeam released urgent patches for Backup & Replication version 12, resolving two critical remote code execution (RCE) vulnerabilities that could allow attackers to run malicious code within backup infrastructure.

🔹 What We’re Doing

Our cybersecurity and managed detection team is actively monitoring for any signs of exploitation and validating patch deployments across managed client environments.
These updates are being applied where we handle patch management on your behalf.

For clients who manage their own patching, we strongly recommend the following actions immediately:

  1. Apply the latest Microsoft, SAP, and Veeam patches as soon as possible.

  2. Enforce least privilege – restrict administrative access to only essential personnel.

  3. Require multi-factor authentication (MFA) for remote access, backup systems, and management portals.

  4. Segment critical systems, such as backups, from your general production network.

🔹 For Our Existing Clients

If your organization’s systems are managed by Core Integrated Technologies under one of our Managed Security or Managed IT Service plans, our team will handle these updates for you and ensure protections are in place.
If you’re unsure whether this applies to your environment, please reach out to your account manager or contact our support team — we’ll confirm your coverage and take any additional steps needed.

🔹 For Businesses Not Yet Working With Us

If you’re not yet a Core Integrated Technologies client, these updates are a strong reminder of how quickly new vulnerabilities emerge — and how critical it is to have a proactive cybersecurity partner monitoring and managing your systems.
Our Managed Endpoint Detection and Response (MDR) and Managed IT Services programs ensure your systems stay secure, patched, and compliant — so you can focus on running your business, not chasing vulnerabilities.

If you’d like help reviewing your patch management or cybersecurity posture, our team is here to assist.

Contact us today to learn how we can help secure your environment.

Stay secure,
CORE Support