Has anybody else been contacted by SAP regarding a "Very Important Notification about Security and Your SAP System" (see mail below)??

The information is correct and there is even a Spotlight News on SAP Support Portal. But.... there is something odd about the whole thing. Why are these 4 Security Notes seleced? Some of them are from 2008. Why does SAP contact us directly and why do they send out emails??

/vitofava

**********************************************************************

Subject: Very Important Notification about Security and Your SAP System

We are writing today to bring to your attention critical information that may directly impact the security of your enterprise, and ask that you give this communication your immediate attention and response by taking a series of recommended action steps outlined below.

Software security remains a critical topic of interest to all customers and to the information technology industry. As you may know, SAP regularly publishes security-related service notes on the SAP Service Marketplace. These notes are our formal way of notifying our customers of security matters that need attention. We have noticed that the number of customers who access and execute these critical security-related service notes is below our expectation.

Therefore, we would like to draw your attention directly to a selection of security-related service notes which we consider to be especially critical for your systems:

Note 1298160 - Security note: Forbidden program execution possible

https://service.sap.com/sap/support/notes/1298160

Note 1168813 - Security note: Program DISPLAY_FUNC_INCLUDE

https://service.sap.com/sap/support/notes/1168813

Note 1167258 - Security note: Program RS_REPAIR_SOURCE

https://service.sap.com/sap/support/notes/1167258

Note 1304803 u2013 Security note: Changing a transport without authorization

https://service.sap.com/sap/support/notes/1304803

These security-related service notes have already been published on the SAP Service Marketplace. These notes have been designed to be implemented without downtime and, thus, to avoid disruption to your systems and business processes. Please immediately take the following three steps:

o Check whether these security-related service notes are relevant for your systems and if you have already implemented them in all systems. If not, we urge you to do this as quickly as possible to address any security-related impact to your organization.

o Review other security-related service notes on the SAP Service Marketplace. These notes are crucial for the security of your SAP system. You can find them at http://service.sap.com/securitynotes. Access to this information is restricted to users with a valid SAP customer account in the SAP Service Marketplace.

o Confirm that your internal systems management processes address security-related service notes in the SAP Service Marketplace with appropriate urgency on an ongoing basis. In this instance, customer implementation of these security-related service notes has shown to be below expectations.

In addition to the security-related service notes, we offer the following proactive security information:

o SAP maintains a wealth of information in the SAP Service Marketplace on security. We urge you to leverage these Security Guides, which can be accessed through this link (http://service.sap.com/securityguide).

o The SAP EarlyWatch Alert contains security checks including recommendations.

If you have specific questions about the security service offerings of SAP, please contact the SAP Support representative in your country.

Thank you for taking the time to address these key security issues within your organization. We are looking forward to working with you to assure the security of your SAP system.

Sincerely,

Henning Kagermann Leo Apotheker

Co-CEO SAP AG Co-CEO SAP AG