
Industry News - Nov 2025

3 Steps to Guide AI PC Rollouts
Top PC manufacturers have been steadily adding AI computing capabilities to devices. Forrester VP and Principal Analyst Michele Pelino noted that AI PCs can benefit an enterprise by providing a pathway for remote and hybrid employees to work directly with AI tools. Bolstered security, optimized battery performance and energy efficiency are other benefits provided by those devices. However, firms won't need AI PCs to run generative AI applications on a computer, as much of the processing is done in the cloud. Consequently, companies should be selective about which employees receive an AI PC. For maximum benefit, initial AI PC deployments should focus on employees who would benefit most from an on-device AI function. Job types could include IT developers automating code production, marketing teams creating AI-generated campaigns or operations teams streamlining processes with AI-enabled automations. An IT asset management tool can pair workers with devices, and the information can help guide AI PC acquisition plans.
Nov 2025
Critical Vulnerability in Fortinet FortiWeb is Under Exploitation
A critical vulnerability in Fortinet FortiWeb is under active exploitation. The company was criticized for issuing a silent patch for the flaw in late October. The vulnerability, with a severity score of 9.1 (tracked as CVE-2025-64446), can enable an unauthenticated attacker to execute administrative commands on a system by using specially crafted HTTP or HTTPS requests. CISA released guidance advising security teams to disable HTTP or HTTPS for internet-facing interfaces if they cannot immediately upgrade to the patched version. They should also inspect logs for any evidence of unauthorized administrator accounts being created. The patched version 8.0.2 was released on Oct. 28, but the company did not release official guidance or a CVE until this past Friday. Security teams can utilize the company's IT asset management tool set to identify unpatched systems.
Nov 2025
Enterprise Network Security Blighted by Legacy and Unpatched Systems
According to recent reports, end-of-life devices, poorly segmented networks, unpatched systems, and visibility gaps continue to be a pervasive security concern in the enterprise. New research has revealed that enterprise networks are sprawling with PCs and servers that are running obsolete versions of operating systems and vulnerable IoT devices. According to research from Palo Alto Networks, over a quarter of Linux systems and nearly ten percent of Windows systems are running on end-of-life (EOL) versions of operating systems. The absence of security controls enables attackers to access unprotected devices without risking detection. Almost eighty percent of corporate networks are poorly segmented, where low-security devices and high-value targets are on the same network segment. IT professionals and security teams can utilize information from their IT asset management solutions to identify obsolete systems and devices creating network vulnerabilities.
Nov 2025
Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week
Fortinet recently released patches for 17 vulnerabilities, including a zero-day resolved with the previous FortiWeb updates. The vulnerability (tracked as CVE-2025-58034 with a CVSS score of 6.7) is an OS command injection flaw that can be exploited by authenticated attackers to execute arbitrary code on the underlying system. This is the second FortiWeb zero-day publicly disclosed within a week. Fortinet patched both exploited vulnerabilities in FortiWeb versions 8.0.2, 7.6.6, 7.4.11, 7.2.12, and 7.0.12. Users are urged to update their deployments as soon as possible. CISA added the security defect to its Known Exploited Vulnerabilities (KEV) catalog, advising federal agencies to patch it within a week. Federal agencies have three weeks to resolve flaws newly added to KEV. IT managers can utilize the information provided by their IT asset management tools to identify unpatched systems.
Nov 2025
With the Rise of AI, Cisco Sounds an Urgent Alarm About the Risks of Aging Tech
Unsupported and aging IT infrastructure such as routers, network switches, and network-attached storage has posed a silent risk to organizations for some time. For many organizations it's less expensive and easier to just leave those boxes running in a forgotten location. However, this infrastructure may have old, insecure configurations. Furthermore, legacy tech is often no longer supported by vendors, and software patches, along with other protections, are not available. Generative AI platforms make it easier for attackers to find and exploit vulnerabilities in targets' systems, increasing the risk to the organization's data security. IT professionals can utilize their IT asset management toolsets to identify old technology and develop plans for its replacement.
Nov 2025
Shadow AI is widespread and Executives Use It The Most
This shadow AI use, which can introduce security vulnerabilities into the network, is pervasive. Fifty percent of workers reported they use unapproved AI tools regularly. Fewer than 20% reported using only company-approved AI tools. According to the report, security leaders were more likely than the average employee to report using unapproved tools and far more likely to do so regularly. IT management can utilize their IT asset management tools to identify unauthorized software in use on the network.
Nov 2025
The Humble Printer Highlights Overlooked Security Flaw
Printers are no longer simply harmless office fixtures. The wrong choice can leave organizations open to firmware attacks, tampering or intrusions. They can be a gateway for attackers to access the wider network. According to HP's survey of over 800 enterprise IT and security decision-makers, many firms are unknowingly allowing access by malicious actors through their printers. Just over 35% of respondents said their organizations install firmware updates promptly. HP found that failure to remediate known device vulnerabilities is a common problem. Over one-third of respondents reported that they can track unauthorized printer hardware changes or identify device vulnerabilities. Part of the problem is a lack of visibility. Enterprise printers are often not tracked by a centralized system. That makes it difficult for IT and security leaders to keep track of every unit. When mergers and acquisitions add to an already dispersed fleet, the challenges multiply. A robust IT asset management toolset can effectively track and identify each networked printer on the network.
Nov 2025
Enterprise Network Security Blighted By Legacy And Unpatched Systems
New research has exposed the extent to which enterprise networks are full of PCs and servers running obsolete versions of operating systems and vulnerable IoT devices. According to research from Palo Alto Networks, over twenty-five percent of Linux systems and almost ten percent of Windows systems are running on end-of-life (EOL) versions of operating systems. Palo Alto's Device Security Threat Report found that almost forty percent of IT devices registered in network directories lack active endpoint security protections. Over thirty percent of all devices in corporate networks operate outside IT control. The absence of security controls allows attackers to hack into unprotected devices without risk of detection. Over seventy-five percent of corporate networks were poorly segmented, whereby low-security devices such as printers and high-value targets like financial servers are on the same network segment. Qiang Huang, VP of product management for cloud at Palo Alto Networks, noted that, "What stood out in our findings is how often everyday devices like office cameras, smart sensors, or personal laptops are directly linked to sensitive systems, and how often even IT managed devices have security gaps." Nearly half of those connections come from high-risk devices that were never built with security in mind. An IT asset management solution can identify obsolete software and device configurations, and flag unknown devices on the network.
Nov 2025
Patch urgently or risk exploit of two widely used Firewall products
Cisco Secure Firewall ASA and FTD appliances are subject to two critical vulnerabilities (CVE-2025-20333, CVE-2025-20362) currently exploited in the wild. Your firewall fleet should be checked and patched immediately.
Nov 2025
GlobalProtect VPN Portals Hit by Massive Brute-Force Campaign
A recent campaign unleashed over 2.3 million malicious login sessions against GlobalProtect VPN portals since 14 Nov 2025. The scale and speed of the attack underscore the need for strong access controls and asset-visibility tools to monitor VPN endpoints.
Nov 2025
Ransomware Actors Target SMBs During Acquisition Processes
Ransomware operators (notably using Akira ransomware) are increasingly compromising SMBs that are being acquired, often exploiting legacy or unpatched IT assets inherited in the acquisition. This is a critical warning for firms acquiring companies without doing thorough asset and vulnerability audits.
Nov 2025
Linux Kernel Vulnerability Under Active Ransomware Exploitation
A long-standing Linux kernel flaw (CVE-2024-1086) is now being actively exploited in ransomware campaigns, which is especially concerning for organisations running on-prem or cloud Linux servers. Asset inventories should flag Linux servers and prioritise patching or mitigations.
Nov 2025
Rising Tide of Vulnerability Noise: 905 New Flaws Reported in Past Week
Security researchers tracked 905 new vulnerabilities in a single weekly report, with 54 rated critical and 35 rated critical under CVSS 4.0. The breadth and volume of exposure highlight the need for automated asset and vulnerability management to avoid missing critical patches.
Nov 2025
Critical Flaws Detected in Legacy Enterprise Software: SAP Systems Affected
New vulnerabilities (e.g. CVE-2025-31324) have been discovered in SAP environments, illustrating that enterprise application stacks remain a high-risk area and reinforcing the value of integrating enterprise software inventory into ITAM tools.
Nov 2025
Fresh Zero-Days and Exploits Hit Widely Used Tools Including 7-Zip, Oracle and Browser Components
This month's security roundup warns of zero-days and high-risk flaws in widely used utilities, e.g. a symbolic-link exploit in 7-Zip, a critical flaw in Oracle Fusion Middleware, plus browser and Office vulnerabilities. Broad asset coverage, including non-traditional endpoints and software, is now essential.
Nov 2025
New UK Cyber Legislation: Cyber Security and Resilience (Network and Information Systems) Bill Advances in Parliament
The UK government is advancing a new cybersecurity-resilience bill that will strengthen regulatory requirements for IT & critical infrastructure protection, likely raising the bar for compliance, reporting, and asset governance. For ITAM/FAM vendors and users this could mean additional audit and tracking requirements.
Nov 2025
Cloud-Native Infrastructure Exposes New Threat Vectors: Security Fabric Needed
New analysis shows that traditional perimeter security models are failing in multicloud and containerised environments, calling for a Cloud Native Security Fabric approach that embeds security in infrastructure. This has implications for asset management: cloud workloads, containers and ephemeral assets need visibility in ITAM.
Nov 2025
Rising Concern Over Unsupported/Legacy Tech in Critical Infrastructure
A recent report by a major vendor warns that aging routers, switches and storage systems, often forgotten and unmanaged, are a growing risk when combined with AI-speed exploitation of vulnerabilities. Organisations should identify legacy infrastructure and plan replacement or remediation.
Nov 2025

Industry News - Oct 2025

Securing the Borderless Digital Landscape
Unmanaged devices, especially shadow IT and Bring Your Own Device (BYOD) equipment, are prime vectors for cyberattacks and corporate data theft. Organizations need to identify and catalog these rogue endpoints and bring them under IT's control. Cybercriminals need a pathway into company networks. In too many cases, that pathway is through unmanaged devices. These are often endpoints like personal devices that fall outside IT's direct control. Nonetheless, they offer access to corporate networks and data. A Microsoft study showed that in over 90% of ransomware cases, attackers leveraged an unmanaged device for their initial access to the organization's network. Recent research indicates that ransomware is predicted to be the top threat for 2025. Companies can utilize their IT asset management tools to identify BYOD and shadow IT devices and bring them under IT's management.
Oct 2025
Microsoft Fixes Windows Server Active Directory Sync Issues
Microsoft is distributing a patch for Active Directory issues that affect some Windows Server 2025 systems after security updates released since September were installed. As the company stated when it acknowledged the issue, this known problem affects Active Directory Domain Services (AD DS) synchronization, which includes Microsoft Entra Connect Sync. A Microsoft spokesperson noted that, "Applications that use the Active Directory synchronization (DirSync) control for on-premises Active Directory Domain Services (AD DS), such as when using Microsoft Entra Connect Sync, can result in incomplete synchronization of large AD security groups exceeding 10,000 members." IT professionals can identify unpatched systems by using their IT asset management solutions.
Oct 2025
Windows 10 End-Of-Support Boosts Global PC Shipment Growth
According to a recent Gartner report, Microsoft's end-of-life deadline for Windows 10 helped boost global PC shipments in the third quarter of 2025 by over eight percent. The report noted that worldwide PC shipments neared 70 million units in Q3 2025. However, shipments in North America grew just under 2 percent year over year. Consumer demand also affected North America's PC shipment growth, as consumers are being cautious and delaying PC purchases. IT professionals can identify systems that need to be replaced if they are not Windows 11 eligible by using the information generated by their IT asset management tools.
Oct 2025
Legacy Tech Woes Fuel IT Upgrades as CIOs Grapple with Costs
According to a recent report by Ensono, aging IT environments are pushing companies to prioritize system modernization as firms struggle with high maintenance costs and interoperability challenges. The firm surveyed 500 IT decision-makers at companies that generate at least $500 million in annual revenue. The Ensono survey found that cybersecurity risks, slow release cycles and the high costs of legacy tech maintenance are primary factors driving organizations to invest in IT modernization. Almost fifty percent of the respondents indicated that legacy maintenance costs exceeded expectations and that talent gaps were a stumbling block to revamping IT infrastructure. Ensono's Chief Strategy Officer Brian Klingbeil said that, "CIOs and IT leaders clearly recognize where they need to go with modernization, but lapses in workforce availability, expertise, and fluctuating budgets create headwinds that restrict sustained momentum." A robust IT asset management solution can assist in identifying legacy systems and help prioritize modernization efforts.
Oct 2025
Highest Ever Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability
Microsoft's October patch release addressed a critical-severity vulnerability in the ASP.NET Core open-source web development framework. Tracked as CVE-2025-55315, the flaw has a CVSS score of 9.9. .NET security program manager Barry Dorrans described it as the highest ever for an ASP.NET Core issue. The issue is an HTTP request smuggling bug which could be used to bypass a security feature over the network. The security defect enables attackers to trigger various application behaviors by hiding an HTTP request in another request. Microsoft noted that the vulnerability can be exploited to leak sensitive information such as user credentials, tamper with file contents, or cause a denial-of-service (DoS) condition by forcing a crash within the server. Affected systems can be identified using a firm's IT asset management software.
Oct 2025
Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws
Microsoft recently released patches for 173 unique CVEs in its products. Two flaws have been exploited in the wild. Patches were also released for 21 non-Microsoft CVEs. Of the 173 unique Microsoft CVEs in the October 2025 advisory, only five are critical-severity bugs. Microsoft warned that nearly a dozen of the flaws are likely to be exploited in attacks. Of the 21 non-Microsoft CVEs, at least one has been exploited in the wild. Tracked as CVE-2025-47827 and impacting IGEL OS, it can lead to a Secure Boot bypass. Unpatched systems can be identified using a company's IT asset management toolset.
Oct 2025
Windows 10 Still on Over 40% of Devices as It Reaches End of Support
Windows 10 reached end of support (EOS) on October 14 of this year, but the OS is still running on hundreds of millions of devices. After October 14 Microsoft will no longer provide free software updates, technical support, or security patches for Windows 10. PCs running Windows 10 will become increasingly vulnerable to malware and other cyberattacks as no patches are released. Microsoft has launched the Extended Security Updates (ESU) program for users who cannot immediately upgrade to Windows 11. The ESU will cost commercial organizations $61 per device for the first year and the price will double each year thereafter. Microsoft also announced that ESU will be free for users in the European Economic Area (EEA). IT professionals can use their IT asset management systems to identify systems running Windows 10.
Oct 2025
Find Windows 11 Specs, Features, And Computer Requirements
An IT asset management tool can easily identify and report which devices are compatible.
Oct 2025

Industry News - Sep 2025

Half of PCs Still Run Windows 10 Despite Looming End Of Support, PC Makers Say
Windows 10 support ends in October of this year; however, nearly 50% of PC installations are still running Windows 10. According to Dell and HP executives, PC upgrades are happening first in enterprises. It will happen more slowly in the small-and-medium business (SMB) segment, Enrique Lores, CEO of HP, said. He noted that, "We think this process is going to be extended." SMB customers will likely need to purchase Microsoft's 12-month Windows 10 extended support packages before upgrading. According to Ranjit Atwal, research director at Gartner, "Many businesses, especially small and medium-sized enterprises, have not switched to Windows 11 due to tight budgets or because the upgrade does not offer sufficient benefits." IT managers can utilize their IT asset management tools to identify systems running Windows 10 and use the information to prioritize upgrades.
Sep 2025
Microsoft Patches 86 Vulnerabilities
Microsoft's current release notes show that none of the security holes patched this month were exploited in the wild. Nonetheless, eight of them have an "exploitation more likely" rating. They include information disclosure and privilege escalation issues in the Windows kernel, a remote code execution vulnerability and privilege escalation bugs in the Windows TCP/IP driver, Windows Hyper-V, Windows NTLM, and Windows SMB. Most of these vulnerabilities have a high severity rating. The most important security hole patched by Microsoft this month, based on CVSS score, is CVE-2025-55232. It is described as a remote code execution issue in the High Performance Compute pack. Other issues with a CVSS score exceeding 8.0 include remote code execution flaws in Routing and Remote Access Service, remote code execution in SharePoint, remote code execution in Office, and privilege escalation in SQL Server. IT professionals can identify unpatched and vulnerable systems using their IT asset management solution.
Sep 2025
Security Tool Bloat Is the New Breach Vector
Security architectures have become expanded and fragmented, and as a result have become unsustainable. Begun as well-intentioned investments, layered cyber-defense has turned into a messy web of bolt-on solutions that do more harm than good. In a recent study from IBM and Palo Alto Networks, researchers discovered that the average organization manages over 80 security tools from nearly 30 vendors. Consequently, firms experience rising complexity, tool sprawl, and increased pressure on already-stretched teams. These complex stacks have also created ideal conditions for modern threat actors. Expanded gaps between tools, slower visibility, and weaker response times enable attackers to exploit exactly what defenders depend on for protection. CISOs can utilize the information from their IT asset management tools to identify redundant or under-utilized security software.
Sep 2025
How CIOs Can Steer Legacy Tech Overhauls
Old and outdated technology systems represent a problem for any CIO. These systems are obsolete, create security risks, and are difficult to integrate, but they continue in the enterprise because installing replacement systems would be too costly or disruptive to business operations. To integrate more modern systems, IT leaders can identify priority areas and involve partners across the C-suite to convey the potential business gains that can make a lengthy IT overhaul worthwhile. Kris Lovejoy, global practice lead, security and resiliency, at Kyndryl noted that CIOs should start by identifying where exactly legacy technology lives and what it's connected to. The information generated by an IT asset management solution can be invaluable in this first step to IT modernization.
Sep 2025
Fortinet, Ivanti, Nvidia Release Security Updates
Ivanti patched two high-severity insufficient filename validation issues in Endpoint Manager (EPM). The flaws could be exploited remotely, without authentication, to execute arbitrary code. In addition, the company announced patches for medium-severity vulnerabilities in Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. Fortinet released patches for an OS command injection bug in FortiDDoS that could result in code execution. It also patched a path traversal flaw in FortiWeb leading to arbitrary file read.
Sep 2025
Old IT Systems Weigh Down Bank Modernization
According to a survey conducted by consulting firm Baringa, obsolete technology causes banks to lose customers. The survey included 4,000 U.S. and U.K. residents having bank accounts and 400 U.S. and U.K. bank leaders. Nearly 70 percent of IT leaders and banking executives noted that legacy IT systems impeded modernization and negatively impacted customers' digital experiences. In addition, over 60 percent of customers switched or have considered switching banks to find a better digital experience and from their bank. Over 60 percent of bank leaders estimated that some of their oldest applications were written prior to 2000. Over 30 percent of banks' oldest technology infrastructure dated back to the 1960s or earlier. The information generated by an IT asset management solution can help pinpoint legacy hardware and software and aid in the development of conversion plans.
Sep 2025
CISA Flags Some More Serious Ivanti Software Flaws, So Patch Now
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about two patched Ivanti flaws being chained together in cyber-attacks. CISA said it was made aware of hackers using vulnerabilities (CVE-2025-4427 and CVE-2025-4428) that affect Ivanti's Endpoint Manager Mobile (EPMM) solutions to obtain system access. CVE-2025-4427 is an authentication bypass in the API component of EPMM 12.5.0.0 which enables attackers to access protected resources via the API. CVE-2025-4428 is a Remote Code Execution (RCE) bug in EPMM's API component, enabling unauthenticated attackers to run arbitrary code via crafted API requests. Users are urged to apply patches as soon as possible.
Sep 2025

Industry News - Aug 2025

The Humble Printer Highlights Overlooked Security Flaws
According to Steve Inch, global senior print security strategist at HP Inc., "Printers are no longer just harmless office fixtures; they're smart, connected devices storing sensitive data. The wrong choice can leave organizations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network." According to a recent survey conducted by HP, too many organizations are exposing themselves to malicious actors through their printers. Despite devoting nearly four hours per month to printer management, just over a third of respondents said their organizations install firmware updates promptly. An effective IT asset management solution can help improve cyber security by identifying obsolete, unpatched and unauthorized printers.
Aug 2025
Flaws Expose 100 Dell Laptop Models to Implants, Windows Login Bypass
Cisco Talos recently reported five vulnerabilities in the ControlVault3 firmware and the associated Windows APIs. These flaws expose millions of Dell laptops to persistent implants and Windows login bypasses via physical access. The issues, tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919, were initially disclosed in June. Dell has announced that patches for them were rolled out for over 100 Dell Pro, Latitude, and Precision models. The affected component is a hardware-based system meant to securely store passwords, biometric information, and security codes. Dell's June advisory lists all the affected models and vulnerable firmware versions, as well as the release dates of the patches. IT professionals can utilize the information from their IT asset management tools to identify affected systems.
Aug 2025
How To Upgrade An Unsupported Computer To Windows 11
Even though Windows 11 has higher system requirements, by creating custom installation media to bypass those requirements, IT professionals may be able to perform an in-place upgrade or clean installation on an unsupported computer running Windows 10. However, running the latest version of the operating system on incompatible hardware should be a "last-ditch-effort." Microsoft does not support devices that do not meet the minimum specifications. Moreover, while updates may still be accessible, full functionality is not guaranteed. In addition, running the OS without essential security features can expose the system to security risks. This third-party how-to guide explains how to upgrade a device that does not meet Windows 11 minimum system requirements. System administrators can identify non-compliant devices using the information from their IT asset management solutions.
Aug 2025
Over 29,000 Exchange Servers Unpatched Against High-Severity Flaw
Over 29,000 Exchange servers exposed online are currently unpatched against a high-severity vulnerability. The vulnerability can allow attackers to move laterally in Microsoft cloud environments, which could result in complete domain compromise. The security flaw (CVE-2025-53786) enables hackers who gain administrative access to on-premises Exchange servers to raise privileges within the connected cloud environment. Once inside the network, the threat actor can, without leaving easily detectable traces, manipulate trusted tokens or API calls. CVE-2025-53786 impacts Exchange Server 2016, Exchange Server 2019, and Microsoft Exchange Server Subscription Edition. Vulnerable devices can be identified using information generated by an IT asset management system.
Aug 2025
Adobe Patches Over 60 Vulnerabilities Across 13 Products
Adobe recently published 13 new advisories that address vulnerabilities in Substance 3D products including Viewer, Modeler, Painter, Sampler, and Stager. The company patched one or more critical code execution vulnerabilities in each of them. Multiple medium-severity memory leaks were also addressed. Adobe stated that it is not aware of malicious attacks exploiting any of these vulnerabilities. In addition, all of the flaws have a priority rating of 2 or 3, indicating that Adobe does not expect to see in-the-wild exploitation. IT professionals can identify unpatched systems using the information from their IT asset management solutions.
Aug 2025
Microsoft Patches Over 100 Vulnerabilities
None of the vulnerabilities patched in this release appear to have been exploited in the wild. However, a Windows privilege escalation issue, tracked as CVE-2025-53779, has been identified as publicly disclosed. A dozen vulnerabilities have a critical severity rating. Based on their CVSS score, most of the patched vulnerabilities are high severity, except for CVE-2025-53766. Trend Micro's Zero Day Initiative (ZDI) has summarized the patches. IT professionals can identify vulnerable systems using reports generated by their IT asset management solutions.
Aug 2025
Fortinet, Ivanti Release August 2025 Security Patches
Fortinet recently published 14 new vulnerability advisories. The most important one concerns FortiSIEM. This flaw allows an unauthenticated, remote attacker to execute arbitrary code or commands through specially crafted CLI requests. Fortinet warned that a practical exploit for this vulnerability has been found in the wild. However, the company suggests that the vulnerability has not been exploited for malicious purposes, although a PoC exploit is public. Ivanti's August 2025 Patch Tuesday updates cover two high-severity authenticated remote code execution vulnerabilities in Ivanti Avalanche.
Aug 2025
FBI Warns of Russian Cyber Hackers Targeting Critical US Infrastructure
The energy, water, waste, telecommunication, industrial, aviation, and government sectors are exposed to these attacks as they work to replace or secure end-of-life equipment in their extensive frameworks. IT professionals can identify dangerously unsupported devices using information from their IT asset management tools.
Aug 2025
Bring Your Own AI: Turning Shadow Tools into Strategic Win
Corporate employees are currently using AI tools, many not authorized by the IT department. They are exploring creative ways to increase productivity. However, this unsanctioned innovation often becomes shadow IT, and can create serious risks in areas of security, compliance, and legal exposure. Too many organizations don't discover the problem until it's too late. This webinar combines the thoughts of IT and legal experts to show how to transform informal AI usage into structured innovation. Participants will learn strategies for assessing risk versus value, building policies that enable rather than restrain, and transform shadow AI into company-wide advantage.
Aug 2025
Why Addressing Legacy IT is an Urgent Strategic Priority for CISOs
The consequences of failing to upgrade can be dire. The UK's National Cyber Security Centre (NCSC) reported that many Microsoft users kept using the legacy Windows XP system after it reached its end-of-life date. This practice enabled attackers to exploit vulnerabilities in XP systems and launch the global WannaCry ransomware attack. NCSC has warned that organizations that are reluctant to upgrade from Windows 10 will be at high risk of compromise. Security concerns about the use of To speed remediation, professionals can utilize their IT asset management solution to identify legacy and out-of-date systems.
Aug 2025
Companies Spending Too Much on SaaS Could Cost Them More Than Just Money
Most organizations do not have a handle on what they're spending on SaaS. If managers were asked "Who owns SaaS spend in your company?" answers could range from "Finance handles it" to "That's IT's job," or "Honestly, it depends." Therein lies the problem. Companies are spending amounts from $9,000 to $17,000 per employee annually on software, but most organizations have little knowledge of what they're actually buying. The expansion of software tools in the organization, which has been exacerbated by AI, has created a gap between what companies think they're managing and what they're actually managing. And that gap is getting more costly by the month. IT asset management tools that can identify and map SaaS licenses can help control software costs.
Aug 2025

Industry News - Jun 2025

Software Vulnerabilities Pile Up at Government Agencies, Research Finds
According to a recent Veracode report, U.S. government agencies are operating with massive amounts of unresolved vulnerabilities, which make them vulnerable to hackers and cybercriminals. The report found that approximately 80% of government agencies have software vulnerabilities that remain unaddressed for at least a year, and over half have long-standing software flaws that place them at even greater risk. According to Veracode, government agencies are falling short of the investments and procedures required to address vulnerable and unpatched software. Chris Wysopal, chief security evangelist at Veracode, noted that "Organizations don't have a process that includes enough engineering capacity to fix security issues found vs building more features and functionality. Their fixing process is not efficient enough to keep up with new flaws found when new code is written." In addition, Tom Kennedy, vice president of federal systems at Axonius, observed that "Legacy government IT often lacks comprehensive visibility and integration capabilities, hindering timely identification and remediation of vulnerabilities. These older systems frequently rely on outdated software, unpatched vulnerabilities, and insecure configurations directly impacting overall security." An investment in a robust IT asset management system would facilitate the identification of vulnerable systems, speeding the patching and remediation process for any agency.
Jun 2025
Cloud Assets Have 115 Vulnerabilities on Average, Some Several Years Old
Companies are finding it difficult to keep their cloud infrastructure secure. After recently analyzing billions of production assets on AWS, Azure, Google Cloud, Oracle Cloud and Alibaba Cloud, researchers from Orca Security observed that cloud assets have on average 115 vulnerabilities. Moreover, over half have at least one such vulnerability that's over 20 years old. Consequently, attackers, including state-backed cyberespionage groups, have increasingly targeted cloud infrastructure in recent times. A third of analyzed cloud assets are in the neglected-asset category: resources that use unsupported operating systems and/or which haven't been patched in over 180 days. The firm found that almost all companies have at least one neglected asset, typically virtual machines. These observations underscore the need for organizations to be able to quickly identify vulnerable or obsolete systems. A robust IT asset management solution is a critical tool in achieving that end.
Jun 2025
Fortinet, Ivanti Patch High-Severity Vulnerabilities
Fortinet and Ivanti recently announced patches for over a dozen vulnerabilities across their product portfolios, including fixes for several high-severity flaws. Ivanti released a Workspace Control (IWC) update to address three high-severity bugs (tracked as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455) that could result in credential leaks. The company noted that "We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program." Fortinet released 14 patches in the same timeframe to address one high-severity (tracked as CVE-2025-31104) and several medium-severity security defects.
Jun 2025
Microsoft Patch Tuesday Covers WebDAV Flaw Marked as Already Exploited
Microsoft recently released patches for over 60 security defects across the Windows ecosystem. It called urgent attention to a WebDAV remote code execution bug (marked as important with a CVSS score of 8.8/10) which has been exploited in the wild. The vulnerability allows browser-based drive-by downloads if a target clicks on a rigged website. Check Point Software, which is credited with reporting the bug, issued a separate advisory explaining that successful exploitation could enable an attacker to execute arbitrary code on the affected system. IT professionals can utilize their IT asset management solutions to identify vulnerable or unpatched systems.
Jun 2025
A Practical Approach to Integrating Vulnerability Management into Enterprise Risk Management
Adopting a comprehensive approach to risk management is critical to protect an organization from cybercriminals and data breaches. The integration of a robust vulnerability management lifecycle is central to maintaining effective cybersecurity and should be a key aspect of an organization's risk management. However, too many organizations still struggle to implement comprehensive vulnerability management strategies due to financial or technological constraints. Organizations can build a strong vulnerability management lifecycle without expensive tools by leveraging existing resources (such as IT asset management tools), optimizing internal processes and fostering a security-aware culture. Vulnerabilities can be discovered through various methods, including asset scanning and discovery tools, penetration testing, configuration reviews or manual assessments.
Jun 2025
WhatsApp Banned on US House of Representatives Devices, Memo Shows
According to a recent memo, the WhatsApp messaging service has been banned from all U.S. House of Representatives devices. The memo stated the "Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use." House members were advised to use other messaging apps, including Microsoft Corp's Teams platform, Amazon.com's Wickr, Signal, and Apple's iMessage and FaceTime. In the past, the House has banned other apps from staff devices, including the TikTok app, due to security issues. CIOs need to be aware of potential threats, and can use their IT asset management tools to identify devices with unwanted or unsanctioned software.
Jun 2025