PATCH Tuesday saw a wave of security fixes across OS, cloud and software as vendors rush to close gaps in widely used products. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could bypass security features, escalate privileges or trigger a DoS. Adobe also released updates for Audition, After Effects, InDesign Desktop, Substance 3D, Bridge, Lightroom Classic and DNG SDK, with no known in-the-wild exploitation reported.
SAP shipped fixes for two critical vulnerabilities, including CVE-2026-0488 (SQL injection with a 9.9 CVSS score) in SAP CRM and SAP S/4HANA, and CVE-2026-0509 (9.6 CVSS) in SAP NetWeaver AS ABAP/ABAP Platform, which Onapsis said require a kernel update and profile parameter changes to avoid business disruption.
Intel and Google described their joint review of Intel Trust Domain Extensions 1.5, detailing several CVEs (including CVE-2025-32007 et al.) and noting that the updates bring confidential computing closer to parity with traditional virtualization while increasing complexity. The list of patches from other vendors continues to grow, underscoring a broad industry push to shore up security across diverse ecosystems.