08-21-2013 2:08 PM
Hi, i am beginner in security field and have this confusion. I am using Solution Manager to find out missing security notes from my system. Should i filter the result and implement security notes that have been released after the date of the upgrade or should I include all security notes including thoses notes relased before the upgrade date.
Thank You..
08-23-2013 8:32 AM
Hi Abdul
If you are updating patches frequently in system new patches contains all these notes. If a security note is high priority you need to update this manually.
You can get more information from https://service.sap.com/securitynotes
For your information im putting content from above link.
SAP delivers important security fixes on its monthly Security Patch Day. SAP strongly recommends its customers to implement security fixes, flagged with priority 1 and priority 2, primarily fixing externally reported issues. The fixes are released on the second Tuesday of every month, and can be used to fix a particular vulnerability without needing to update a system to service packs.other security fixes like priority 3 and 4 will generally be delivered with support packages. SAP strongly recommends its customers to apply Support Packages on their systems as soon as a support pack is available.
08-28-2013 3:28 PM
09-09-2013 4:59 PM
In addition to the list of security notes at https://service.sap.com/securitynotes you should have a look to the Security Patch Process FAQ as well.
Concerning your question:
Yes, all security corrections of SAP are part of a Support Package.
But there exist some pitfalls:
Kind regards
Frank