Tech Giants Race to Patch Critical Zero-Day and Database Vulnerabilities

Major software vendors and hardware manufacturers issued a massive wave of security updates this Tuesday, addressing dozens of critical flaws including several zero-day exploits currently being used in active attacks.

The monthly security cycle, widely known as Patch Tuesday, saw Microsoft leading the charge with fixes for 59 vulnerabilities. Most concerning are six zero-day flaws within Windows components that attackers are actively using to bypass security protocols, escalate system privileges, and trigger denial-of-service states. While Microsoft battles active exploits, SAP has alerted its enterprise clients to two critical-severity bugs, the most severe being a code injection vulnerability in CRM and S/4HANA systems boasting a near-perfect CVSS risk score of 9.9. Security experts at Onapsis warn that remediating these SAP flaws will require more than a simple click, mandating kernel updates and profile parameter adjustments to prevent unauthorized users from executing arbitrary SQL statements or compromising entire databases.

The security sweep extended into the hardware and creative software sectors as well, with Intel and Google revealing a collaborative deep-dive into Intel’s Trust Domain Extensions (TDX) 1.5. Their research uncovered five specific vulnerabilities and dozens of general weaknesses in the confidential computing module, a discovery Google attributed to the rising complexity of high-privilege software components. Simultaneously, Adobe rolled out a series of updates for its creative suite—including After Effects, InDesign, and Lightroom—though the company noted that none of these flaws appear to have been exploited by hackers yet. This massive coordinated effort was rounded out by a long list of industry leaders including Apple, Cisco, Amazon Web Services, and various Linux distributions, all of whom released patches to fortify their respective ecosystems against a rapidly evolving threat landscape.