SAP has issued an updated patch for a code-injection vulnerability affecting the TREX search engine integrated into more than a dozen SAP products.

Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft’s silence around February’s Patch Tuesday, and a nasty SAP bug.

SAP patched a critical vulnerability in its cloud-based business platform HANA today that if exploited, could allow for a full system compromise, without authentication.

SAP recently fixed 15 different vulnerabilities that existed in the database management system HANA and subsequent communication channels used by the software. All told the vulnerabilities affect just north of 10,000 SAP customers running different versions of the system, according to researchers at Onapsis, who disclosed the bugs Thursday. Nine of the bugs affected HANA, the cloud-based business platform...