Industry News Roundup

In January 2023 the European Union enacted a revised version of the 2016 Network and Information systems Directive (NIS). This directive is a legislative framework intended to bolster cybersecurity across EU infrastructure. The directive requires EU member states to incorporate enhanced cybersecurity measures into law. The new rules came into effect 18 October 2024. The directive has two main pillars: Duty of Care and Duty to Report. ITAM practices can improve an organization s cybersecurity capabilities. ITAM s role in developing a comprehensive asset inventory plays a key role in identifying potential software vulnerabilities. The NIS2 directive highlights the critical nature of robust asset management practices. By maintaining a comprehensive, up-to-date IT asset inventory, vulnerability management, and collaboration with cybersecurity teams, ITAM can play a vital role in complying with the NIS2 requirements.

Microsoft s security response team patched over 55 documented software defects in Windows OS and applications. It also identified a privilege escalation bug in Windows Storage and a code execution issue in the Windows Ancillary Function Driver for WinSock. These are flagged for for immediate attention due to active exploitation. The Windows Storage Elevation of Privilege bug enables attackers to delete targeted files on a system. Microsoft also urged Windows administrators to prioritize CVE-2025-21418 as a matter of urgency. It warned that the Windows Ancillary Function Driver for WinSock contains a serious law that provides SYSTEM privileges to a successful attacker. IT managers can utilize the information from their IT asset management solutions to identify p[atched and vulnerable systems.

A recent security advisory published by the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) stated the groups are primarily targeting critical infrastructure organizations, as well as healthcare, government, technology and manufacturing. The three agencies said in the reported that "Beginning early 2021, Ghost actors began attacking victims whose internet-facing services ran outdated versions of software and firmware. This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China." This fact underscores the need for organizations to patch or replace vulnerable systems. Unpatched or obsolete equipment can be identified using an IT asset management tool.

"A remote unauthenticated attacker who successfully exploited this vulnerability would gain the ability to execute arbitrary code within the context of the LDAP service. It managers can use their IT asset management solutions to scan for and identify any unpatched systems.

In the latest Patch Tuesday security patches Microsoft has released fixes for nearly 160 vulnerabilities, 12 which are critical with eight zero-days; three of which are currently known to be under active exploitation. according to Microsoft. Tyler Reguly, associate director of security research and development at Fortra noted that This is definitely one of those months where admins need to step back, take a deep breath, and determine their plan of attack. The three zero days vulnerabilities bring exploited are classified as CVE-2025-21335, CVE-2025-21333 and CVE-2025-21334. They impact Hyper-V which is described by one researcher as being heavily embedded in modern Windows 11 operating systems and used for a range of security tasks including device guard and credential guard, which are listed as elevation of privileges issues. Consequently, patching these vulnerabilities should be at the top of the list for patching this month. IT professionals can utilize their IT asset management tools to identify vulnerable or unpatched systems.

The vulnerabilities involved in these attacks include an admin authentication bypass patched in September, and a remote code execution bug also patched tin September). Two other bugs, an SQL injection and a remote code execution vulnerability were both remediated in October. All four bugs have been tagged as exploited in zero-day attacks. CISA added them to its Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their appliances. In order to t thwart any attacks targeting users systems, the federal agencies "strongly encourage" all network administrators to upgrade their appliances to the latest supported Ivanti CSA version.

The January 2025 security updates also resolve 12 high-severity defects that could lead to remote code execution (RCE), denial-of-service (DoS), and escalation of privilege, some of which could be exploited remotely without authentication. Ivanti also issued patches for a high-severity race condition issue in Application Control Engine that could allow attackers to bypass the application blocking functionality. The company Irecommends that all customers update their Application Control instances to versions 2024.3 HF1, 2024.1 HF4, and 2023.3 HF3. Ivanti also noted that fixes will not be released for Application Control Module for Security Controls. It recommends that customers migrate to Application Control or Neurons for App Control.

As security teams are faced with an increasing number of identified vulnerabilities, vulnerability remediation is slowing at many organizations. According to an analysis by S&P Global Ratings, nearly 75% of organizations are either occasionally or infrequently remediating the vulnerabilities that affect their systems. Paul Alvarez, lead cyber risk expert at S&P Global Ratings said that Our analysis suggests that some organizations that we rate may be slow to remediate highly targeted cyber vulnerabilities, increasing the risk that computer systems could be compromised. The analysis, found that 30% of organizations remediated these vulnerabilities occasionally. CIO s concerned with identifying existing unpatched vulnerabilities can utilize the data from their IT asset management solution to pinpoint at risk devices.

Identity risks, data security risks and third-party risks are all made exacerbated by SaaS sprawl. Each new SaaS account adds a new identity that should be secured and represents a new source of third-party risk. This growing attack surface, much of which is unmanaged in most organizations, becomes an attack surface and becomes an attractive target for cyber-criminals. Data from Nudge Security indicates that the average employee creates a new SaaS account about every two weeks. That constitutes 200 new SaaS accounts per month for an organization with 100 employees. Each one of these SaaS identities expands the organization's attack surface and creates a new avenue for sensitive data to be stolen. Only a solution that can deliver continuous SaaS discovery along with just-in-time prompts can help CIOs to take appropriate steps to secure their accounts and combat this new form of shadow IT.

Ivanti recently announced patches for over ten vulnerabilities in its products. The patches addressed five critical-severity bugs in Cloud Services Application, Connect Secure, and Policy Secure. The most severe of these vulnerabilities is CVE-2024-11639, having a CVSS score of 10/10, which involved an authentication bypass affecting the Cloud Services Application (CSA) secure communication solution. The flaw allows remote, unauthenticated attackers to access CSA with administrative privileges affecting the administrator web console of the enterprise solution. The admin web console was also vulnerable to a command injection bug and an SQL injection defect, that could enable remote attackers with administrative privileges and the ability to execute arbitrary code or run arbitrary SQL statements. The companyaddressed all three flaws in CSA version 5.0.3 and has credited CrowdStrike for finding and reporting them. Users are advised to update their appliances as soon as possible.

Microsoft recently issued patches for over 70 documented security defects and called urgent attention to a zero-day vulnerability in the Windows Common Log File System (CLFS). The CLFS vulnerability has been actively exploited in the wild and carries a CVSS severity score of 7.8/10. According to the company, the CLFS driver flaw allows attackers to gain SYSTEM privileges through a heap-based buffer overflow. Microsoft warned that successful exploits require no user interaction and low privileges to execute. There have been at least 25 documented vulnerabilities in CLFS over the last five years. Earlier this year, Microsoft said it was developing a major new security mitigation to thwart a surge in cyberattacks targeting the Windows CLFS. IT managers can utilize the information from their IT asset management tools to identify vulnerable systems.

Adobe s recent patch release addresses over 160 vulnerabilities across 16 products. Approximately 90 of the vulnerabilities were patched in Adobe Experience Manager. The majority have a medium-severity CVSS score and allow arbitrary code execution. Some can be exploited to bypass security features. Adobe patched over 20 vulnerabilities in Connect. Several involved critical and high-severity issues that can be exploited for arbitrary code execution and privilege escalation. Several security holes were resolved in Adobe Animate. All of them are described as critical issues with high severity CVSS scores that can lead to arbitrary code execution. Vulnerable systems can be identified using the data generated by an IT asset management tool set.

Recently cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included several that dated back over ten years. Outside of that list list are regularly unpatched aging vulnerabilities going back as far as 2017. Experts say that or autonomous firmware and software patch management applications should be part of a CISO s toolkit. According to a recent Forrester Research survey CISOs are still cautious about adopting autonomous solutions. Just over a quarter of 510 security decision-makers said their organization currently uses a patch management solution. A third said they are willing to buy such a solution. Erik Nost, a Forrester senior analyst, explained the reluctance to adopt automated patching to the Fear of breaking something if an untested patch is installed. Nonetheless, CISO s can utilize the software information generated by an IT asset management tool to identify unpatched devives.

Microsoft's December 2024 Patch Tuesday security update includes over 70 patches. The most prominent patch addresses a Windows zero-day security vulnerability under active exploit. The company included CVEs in Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager. Out of this month's CVEs, 16 are rated as critical. This month s patch Tuesday brings the total number of patches for the year to 1,020, the second-most voluminous year for fixes after 2020's 1,250. CIUO s are reminded that their IT asdset management system can pinpoint vulnerable and unpatched systems.

The establishment and implementation of a comprehensive information security program that encompasses encryption, access controls, multi-factor authentication, vulnerability management, and incident response plans. A key part of vulnerability management is maintaining a comprehensive inventory of all IT assets. A robust IT asset management tool is a key part of vulnerability management.

Shadow IT is a well-documented problem in the cybersecurity industry. Employees use of unsanctioned systems and software as a workaround to bypass official IT processes and restrictions can result in a number of problems for the corporation. With AI tools becoming available for virtually every business use case or function, employees are now using unsanctioned or unauthorized AI tools and applications. This action, without the knowledge or approval of IT or security teams, creates a new phenomenon known as Shadow AI. It is estimated that half to three quarters of employees are using non-company issued AI tools. Consequently, a visibility problem emerges. Companies do not know what is happening on their own networks. A robust IT asset management toolset can provide information on Shadow IT and SAI applications and pinpoint the systems on which they are installed.

The company patched the vulnerabilities in October of 2024. CISA put CISOs who ignored the previous warnings on notice that their systems are now under threat. The vulnerabilities enable the theft of usernames, cleartext passwords and more. IT professionals can utilize the information from their IT asset management tools to identify unpatched instances of software.

After warning users about five zero-day vulnerabilities in October, Microsoft s November s Patch Tuesday update has identified another four from a total haul of nearly 90 CVEs. In terms of priorities, admins will want to start by patching the two zero days that are being actively exploited before moving on to three other vulnerabilities rated critical , plus one that is rated important . The first exploited zero day enables an attacker to elevate their privileges from an AppContainer. The second exploited zero day, has a hash disclosure flaw in the now deprecated NTLMv2 that affects all versions of Windows going back to Windows Server 2008. IT and security professionals can use their IT asset management tools to identify unpatched instances of the software.

ITAM professionals have the data on all the IT assets in a company at their fingertips. They know which users have which assets and can quickly help the cyber security staff to identify the scope of a potential attack. ITAM teams can also ensure end users can gain access to functioning endpoints in the event of an attack that renders other endpoints unusable. They also have access to the software installed on users systems, who has access to download licenses and software packages, and can coordinate blocking access to infected files. An ITAM program includes the responsibility for sourcing equipment and tracking its use. Consequently, an ITAM plan to respond to a ransomware attack is critical. That plan should determine how to get a ransomware-impacted workforce up and running after devices are impacted.