US-CERT warns of SAP vulnerability

The U.S. Computer Emergency Readiness Team has warned of a vulnerability in SAP GUI, the graphical user interface client in SAP's enterprise resource planning software.

The unspecified flaw can cause Internet Explorer (IE) to crash in an exploitable manner. The flaw lies in an ActiveX control called MDrmSap, a component of SAP GUI.

The U.S. Computer Emergency Readiness Team (U.S.-CERT) warned in an SAP Note 1142431. Login is required to access the patch.

Workarounds include disabling the MDrmSap ActiveX control in IE by setting the IE killbit for CLSID {B01952B0-AF66-11D1-B10D-0060086F6D97}, or IT professionals could disable IE ActiveX controls completely.

Security company Secunia warned in an advisory that the flaw was "highly critical". Versions of SAP GUI affected are 6.x and 7.x, according to Secunia.

Talkback 0 comments

• Regional Web & Security Integration Engineer
• IT Risk and Compliance Manager SDLC / CBD / $
• VicePresident, Risk & Compliance (European Funds Giant)
• VP Global Risk & Compliance (6 yrs exp) Hong Kong
• Compliance, Risk & Security Manager

TechGuides

3 lessons a CIO can learn from Windows 7

Microsoft's missteps with Vista, and attempts at redemption with Windows 7, offers firms valuable lessons in IT, be it in rolling out a new corporate application or delivering millions of copies of a new OS.

Read more »

Latest from Blog Central

Ultimate 2012 recovery site: the moon

Read more »

Cutting-edge technology from premium sponsors

Adaptive Threat Management

High Performance Security for your Distributed Enterprise

Achieve lower TCO, agility, risk mitigation, compliance, and productivity

Webcast series: Cybercrime is a growth industry - is your organisation prepared?

More resources to optimize the security of your enterprise »

Brought to you by:

 

 

 

More Tech Showcases:

Juniper Networks

Hitachi Eco-Products