The Latest Round of Critical Patches: What You Need to Know

According to The Hacker News, three major vendors—Ivanti, Fortinet, and SAP—have just released security updates that fix multiple critical flaws in their products. These aren't minor bugs. Some of the vulnerabilities scored a perfect 10 out of 10 on the industry's severity scale, meaning an attacker could remotely take over an entire system with no password or user action required.

While there are no reports of these specific flaws being used in live attacks yet, that's no reason to relax. History shows that once a patch is published, cybercriminals quickly reverse-engineer it to build their own exploit code. If your business runs any of these tools, the window to protect yourself is shrinking fast.

Why the Same Pattern Repeats Across Enterprise Software

This isn't the first time we've seen a wave of high-severity patches from Ivanti, Fortinet, or SAP—and it won't be the last. The root cause often traces back to how software is built: legacy code that was never designed for today's threat landscape, rushed feature releases, and insufficient security testing before launch.

Vendors are essentially playing catch-up. They rely on security researchers or internal audits to uncover problems, then rush out a fix. For businesses, this creates a constant game of "patch or get hacked." The real issue isn't the vulnerability itself—it's the delay between discovery and action. Every day your system sits unpatched, the risk grows.

What This Means for Australian SMBs

Small and mid-sized businesses in Australia are particularly exposed here. Many don't have a dedicated cybersecurity team, and patch management often gets pushed aside for more urgent daily tasks. If you're running older versions of Ivanti, Fortinet, or SAP—perhaps because of cost concerns or fear that updates will break something—you are now a prime target.

Australian businesses have been hit hard by ransomware and data breaches in recent years, and attackers almost always go after known vulnerabilities that haven't been patched. A single unaddressed flaw in a sandbox or authentication gateway can give criminals the keys to your entire network. The cost of patching is tiny compared to the cost of a breach.

What You Can Do Now

  • Check your current software versions against the patches listed in the news—Ivanti Sentry, FortiSandbox, and SAP NetWeaver are the ones to look at first.
  • Set a recurring monthly review of all vendor security bulletins, or subscribe to an alert service so you never miss a critical update.
  • Apply patches to non-production systems first to verify stability, then roll them out to production within one week.
  • Enable automatic updates for any software that supports safe, tested auto-patching—but only after confirming your backup and restore process works.
  • Segment your network so that vulnerable systems like sandboxes or management consoles are not exposed directly to the internet without a firewall or VPN.

If managing this on your own feels overwhelming, you're not alone. At MS&VG, we help Australian small and mid-sized businesses stay on top of critical patches and security hygiene without the headache. A quick check with your IT partner could save you from a costly incident.