Why your organization should take care:
Maintaining the security of installed SAP software is of critical strategic importance for the continuous protection of SAP business applications to defend against new types of cyber attacks and to close newly identified potential vulnerabilities. Therefore, SAP releases security patches every second Tuesday of the month. The patches should be applied in a timely manner according to the severity of the vulnerability CVSS score and system criticality. Needed configuration steps should be taken immediately after installation. Customers and Partners can find and review the content of current and previous patches via the SAP Security Notes & News home page.
Where do you get the most relevant information:
The current SAP blog post for SAP Security Patch Day currently – March 2023 can be found here.
History of all Patches from 2022 starting February 2022 can be found here: 2022 12 Patch Day Blog V9.0.pdf (sap.com)
How can you learn about the impact and the implementation procedure for patches
As additional assistance, SAP offers webinars together with #ASUG and #DSAG to help customers and partners to implement the patches and advice on the impact and severity of individual security vulnerabilities.
- ASUG Information Security English, Wednesday 22.03 18:00 – 19:00 CEST = 12:00 EST = 09:00 PST Calendar: What’s New from SAP Security Patch – March 2023 – ASUG log in required.
- DSAG AK Security & Vulnerability Management German, Thursday 16.03.2023 15:00-16:00 CET Calendar: AK Security & Vulnerability Management- Online-Session “Diskussion zu ausgewählten SAP Security Notes” am 16.03.2023 (AK Security & Vulnerability Management) – Info (dsagnet.de) log in required.
- SAP Enterprise Support Value Map Security / SAP Enterprise Support Academy Calendar: Updates from the last SAP Security Patch Day English, Thursday 09:00-10:00 CET
- SAP Enterprise Support customers. Learning Hub. To access the SAP Learning Hub, edition for SAP Enterprise Support, a one-time registration via an s-user is required. The registration triggers an automatic eligibility check. Access is included in SAP Enterprise Support and SAP Enterprise Support, Cloud Edition as well as in SAP Product Support for Large Enterprises.
Here you can find the latest version of the presentation on SAP Support Portal /sos
The Frank Buchholz FAQ for security patching:
SAP Security Solutions:
SAP Enterprise Threat Detection, cloud edition (SAP Threat Management and Patch Monitoring)
Blog: Opening the Black Box
Code Vulnerability Management:
Blog: Code Vulnerability Analyzer Checks
Focused Run & System Recommendation / Configuration Validation (System Hardening and Patching)
Blog: SAP Analytic Cloud – System Recommendation from Solution Manager and Configuration and Security Analytics from Focused Run – How to analyse and optimize the whole system security using Cross Scenario Analytics? | SAP Blogs