Industry News - Sep 2025
Half of PCs Still Run Windows 10 Despite Looming End Of Support, PC Makers Say
Windows 10 support ends in October of this year, yet nearly 50% of PC installations are still running Windows 10. According to Dell and HP executives, PC upgrades are happening first in enterprises. "It will happen more slowly in the small-and-medium business (SMB) segment," Enrique Lores, CEO of HP, said. He noted: "We think this process is going to be extended." SMB customers will likely need to purchase Microsoft's 12-month Windows 10 extended support packages before upgrading. According to Ranjit Atwal, research director at Gartner, "Many businesses, especially small and medium-sized enterprises, have not switched to Windows 11 due to tight budgets or because the upgrade does not offer sufficient benefits." IT managers can use their IT asset management tools to identify systems running Windows 10 and prioritize upgrades accordingly.
Microsoft Patches 86 Vulnerabilities
Microsoft's current release notes show that none of the security holes patched this month were exploited in the wild. Nonetheless, eight of them carry an "exploitation more likely" rating. They include information disclosure and privilege escalation issues in the Windows kernel, a remote code execution vulnerability, and privilege escalation bugs in the Windows TCP/IP driver, Windows Hyper-V, Windows NTLM, and Windows SMB. Most of these vulnerabilities have a high severity rating. The most important security hole patched by Microsoft this month, based on CVSS score, is CVE-2025-55232, described as a remote code execution issue in the High Performance Compute pack. Other issues with a CVSS score exceeding 8.0 include remote code execution flaws in Routing and Remote Access Service, remote code execution in SharePoint, remote code execution in Office, and privilege escalation in SQL Server. IT professionals can identify unpatched and vulnerable systems using their IT asset management solution.
Security Tool Bloat Is the New Breach Vector
Security architectures have expanded and fragmented, and as a result have become unsustainable. What began as well-intentioned investments in layered cyber-defense has turned into a messy web of bolt-on solutions that do more harm than good. In a recent study from IBM and Palo Alto Networks, researchers found that the average organization manages over 80 security tools from nearly 30 vendors. Consequently, firms experience rising complexity, tool sprawl, and increased pressure on already-stretched teams. These complex stacks have also created ideal conditions for modern threat actors: gaps between tools, slower visibility, and weaker response times let attackers exploit exactly what defenders depend on for protection. CISOs can use the information from their IT asset management tools to identify redundant or under-utilized security software.
How CIOs Can Steer Legacy Tech Overhauls
Old and outdated technology systems are a problem for any CIO. These systems are obsolete, create security risks, and are difficult to integrate, but they persist in the enterprise because replacing them would be too costly or disruptive to business operations. To bring in more modern systems, IT leaders can identify priority areas and involve partners across the C-suite to convey the potential business gains that can make a lengthy IT overhaul worthwhile. Kris Lovejoy, global practice lead for security and resiliency at Kyndryl, noted that CIOs should start by identifying where exactly legacy technology lives and what it's connected to. The information generated by an IT asset management solution can be invaluable in this first step toward IT modernization.
Fortinet, Ivanti, Nvidia Release Security Updates
Ivanti patched two high-severity insufficient filename validation issues in Endpoint Manager (EPM). The flaws could be exploited remotely, without authentication, to execute arbitrary code. In addition, the company announced patches for medium-severity vulnerabilities in Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. Fortinet released patches for an OS command injection bug in FortiDDoS that could result in code execution. It also patched a path traversal flaw in FortiWeb leading to arbitrary file read.
Old IT Systems Weigh Down Bank Modernization
According to a survey conducted by consulting firm Baringa, obsolete technology causes banks to lose customers. The survey included 4,000 U.S. and U.K. residents with bank accounts and 400 U.S. and U.K. bank leaders. Nearly 70 percent of IT leaders and banking executives said that legacy IT systems impeded modernization and negatively impacted customers' digital experiences. In addition, over 60 percent of customers have switched or considered switching banks in search of a better digital experience. Over 60 percent of bank leaders estimated that some of their oldest applications were written prior to 2000, and over 30 percent said their banks' oldest technology infrastructure dated back to the 1960s or earlier. The information generated by an IT asset management solution can help pinpoint legacy hardware and software and aid in the development of conversion plans.
CISA Flags Some More Serious Ivanti Software Flaws, So Patch Now
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about two patched Ivanti flaws being chained together in cyber-attacks. CISA said it was made aware of hackers using vulnerabilities (CVE-2025-4427 and CVE-2025-4428) that affect Ivanti's Endpoint Manager Mobile (EPMM) solutions to obtain system access. CVE-2025-4427 is an authentication bypass in the API component of EPMM 12.5.0.0 that enables attackers to access protected resources via the API. CVE-2025-4428 is a remote code execution (RCE) bug in EPMM's API component, enabling unauthenticated attackers to run arbitrary code via crafted API requests. Users are urged to apply the patches as soon as possible.
Industry News - Aug 2025
The Humble Printer Highlights Overlooked Security Flaws
According to Steve Inch, global senior print security strategist at HP Inc., "Printers are no longer just harmless office fixtures; they're smart, connected devices storing sensitive data. The wrong choice can leave organizations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network." According to a recent survey conducted by HP, too many organizations are exposing themselves to malicious actors through their printers. Despite devoting nearly four hours per month to printer management, just over a third of respondents said their organizations install firmware updates promptly. An effective IT asset management solution can help improve cyber security by identifying obsolete, unpatched and unauthorized printers.
Flaws Expose 100 Dell Laptop Models to Implants, Windows Login Bypass
Cisco Talos recently reported five vulnerabilities in the ControlVault3 firmware and the associated Windows APIs. These flaws expose millions of Dell laptops to persistent implants and Windows login bypasses via physical access. The issues, tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919, were initially disclosed in June. Dell has announced that patches for them were rolled out for over 100 Dell Pro, Latitude, and Precision models. The affected component is a hardware-based system meant to securely store passwords, biometric information, and security codes. Dell's June advisory lists all the affected models and vulnerable firmware versions, as well as the release dates of the patches. IT professionals can use the information from their IT asset management tools to identify affected systems.
How To Upgrade An Unsupported Computer To Windows 11
Even though Windows 11 has higher system requirements, IT professionals may be able to perform an in-place upgrade or clean installation on an unsupported computer running Windows 10 by creating custom installation media that bypasses those requirements. However, running the latest version of the operating system on incompatible hardware should be a "last-ditch effort." Microsoft does not support devices that do not meet the minimum specifications. Moreover, while updates may still be accessible, full functionality is not guaranteed. In addition, running the OS without essential security features can expose the system to security risks. This third-party how-to guide explains how to upgrade a device that does not meet the Windows 11 minimum system requirements. System administrators can identify non-compliant devices using the information from their IT asset management solutions.
Over 29,000 Exchange Servers Unpatched Against High-Severity Flaw
Over 29,000 Exchange servers exposed online are currently unpatched against a high-severity vulnerability. The vulnerability can allow attackers to move laterally in Microsoft cloud environments, which could result in complete domain compromise. The security flaw (CVE-2025-53786) enables hackers who gain administrative access to on-premises Exchange servers to raise privileges within the connected cloud environment. Once inside the network, the threat actor can manipulate trusted tokens or API calls without leaving easily detectable traces. CVE-2025-53786 impacts Exchange Server 2016, Exchange Server 2019, and Microsoft Exchange Server Subscription Edition. Vulnerable devices can be identified using information generated by an IT asset management system.
Adobe Patches Over 60 Vulnerabilities Across 13 Products
Adobe recently published 13 new advisories that address vulnerabilities in Substance 3D products including Viewer, Modeler, Painter, Sampler, and Stager. The company patched one or more critical code execution vulnerabilities in each of them. Multiple medium-severity memory leaks were also addressed. Adobe stated that it is not aware of malicious attacks exploiting any of these vulnerabilities. In addition, all of the flaws have a priority rating of 2 or 3, indicating that Adobe does not expect to see in-the-wild exploitation. IT professionals can identify unpatched systems using the information from their IT asset management solutions.
Microsoft Patches Over 100 Vulnerabilities
None of the vulnerabilities patched in this release appear to have been exploited in the wild. However, a Windows privilege escalation vulnerability, tracked as CVE-2025-53779, has been identified as publicly disclosed. A dozen vulnerabilities have a critical severity rating. Based on their CVSS score, most of the patched vulnerabilities are high severity, except for CVE-2025-53766. Trend Micro's Zero Day Initiative (ZDI) has summarized the patches. IT professionals can identify vulnerable systems using reports generated by their IT asset management solutions.
Fortinet, Ivanti Release August 2025 Security Patches
Fortinet recently published 14 new vulnerability advisories. The most important one is a FortiSIEM flaw that allows an unauthenticated, remote attacker to execute arbitrary code or commands through specially crafted CLI requests. Fortinet warned that a practical exploit for this vulnerability has been found in the wild. However, the company suggests that the vulnerability has not been exploited for malicious purposes, although a PoC exploit is public. Ivanti's August 2025 Patch Tuesday updates cover two high-severity authenticated remote code execution vulnerabilities in Ivanti Avalanche.
FBI Warns of Russian Cyber Hackers Targeting Critical US Infrastructure
The energy, water, waste, telecommunication, industrial, aviation, and government sectors are exposed to these attacks as they work to replace or secure end-of-life equipment in their extensive frameworks. IT professionals can identify dangerously unsupported devices using information from their IT asset management tools.
Bring Your Own AI: Turning Shadow Tools into Strategic Win
Corporate employees are currently using AI tools, many of them not authorized by the IT department, as they explore creative ways to increase productivity. However, this unsanctioned innovation often becomes shadow IT and can create serious risks in the areas of security, compliance, and legal exposure. Too many organizations don't discover the problem until it's too late. This webinar combines the thoughts of IT and legal experts to show how to transform informal AI usage into structured innovation. Participants will learn strategies for assessing risk versus value, building policies that enable rather than restrain, and transforming shadow AI into a company-wide advantage.
Why Addressing Legacy IT is an Urgent Strategic Priority for CISOs
The consequences of failing to upgrade can be dire. The UK's National Cyber Security Centre (NCSC) reported that many Microsoft users kept using the legacy Windows XP system after it reached its end-of-life date. This practice enabled attackers to exploit vulnerabilities in XP systems and launch the global WannaCry ransomware attack. NCSC has warned that organizations reluctant to upgrade from Windows 10 will be at high risk of compromise. Security concerns about the use of To speed remediation, professionals can use their IT asset management solution to identify legacy and out-of-date systems.
Companies Spending Too Much on SaaS Could Cost Them More Than Just Money
Most organizations do not have a handle on what they're spending on SaaS. If managers were asked "Who owns SaaS spend in your company?", answers could range from "Finance handles it" to "That's IT's job" or "Honestly, it depends." Therein lies the problem. Companies are spending from $9,000 to $17,000 per employee annually on software, but most organizations have little knowledge of what they're actually buying. The expansion of software tools in the organization, exacerbated by AI, has created a gap between what companies think they're managing and what they're actually managing. And that gap is getting more costly by the month. An IT asset management tool that can identify and map SaaS licenses can help control software costs.
Industry News - Jun 2025
Software Vulnerabilities Pile Up at Government Agencies, Research Finds
According to a recent Veracode report, U.S. government agencies are operating with massive amounts of unresolved vulnerabilities, which leave them exposed to hackers and cybercriminals. The report found that approximately 80% of government agencies have software vulnerabilities that remain unaddressed for at least a year, and over half have long-standing software flaws that place them at even greater risk. According to Veracode, government agencies are falling short of the investments and procedures required to address vulnerable and unpatched software. Chris Wysopal, chief security evangelist at Veracode, noted that "Organizations don't have a process that includes enough engineering capacity to fix security issues found vs building more features and functionality. Their fixing process is not efficient enough to keep up with new flaws found when new code is written." In addition, Tom Kennedy, vice president of federal systems at Axonius, observed that "Legacy government IT often lacks comprehensive visibility and integration capabilities, hindering timely identification and remediation of vulnerabilities. These older systems frequently rely on outdated software, unpatched vulnerabilities, and insecure configurations directly impacting overall security." An investment in a robust IT asset management system would facilitate the identification of vulnerable systems, speeding the patching and remediation process for any agency.
Cloud Assets Have 115 Vulnerabilities on Average Some Several Years Old
Companies are finding it difficult to keep their cloud infrastructure secure. After recently analyzing billions of production assets on AWS, Azure, Google Cloud, Oracle Cloud and Alibaba Cloud, researchers from Orca Security observed that cloud assets have on average 115 vulnerabilities. Moreover, over half have at least one vulnerability that's over 20 years old. Consequently, attackers, including state-backed cyberespionage groups, have increasingly targeted cloud infrastructure. A third of the analyzed cloud assets fall into the neglected-asset category: resources that run unsupported operating systems and/or haven't been patched in over 180 days. The firm found that almost all companies have at least one neglected asset, typically a virtual machine. These observations underscore the need for organizations to be able to quickly identify vulnerable or obsolete systems. A robust IT asset management solution is a critical tool in achieving that end.
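The neglected-asset definition above (an unsupported operating system, or no patching for more than 180 days) and the Windows 10 end-of-support triage described in the September Windows 10 item are both simple rules that can be run over an inventory export. The Python below is an added example, not code from Orca Security or from any IT asset management product: the inventory rows are constructed, the end-of-support dates other than Windows 10's are illustrative entries to be checked against vendor lifecycle pages, and the 90-day planning window for imminent end of support is an assumption.

```python
"""Flag neglected assets (unsupported OS, or not patched in more than 180 days)
and rank them for remediation, using fields a typical inventory export provides.

Added example: the inventory rows and the end-of-support table below are
constructed sample data, not output from any real ITAM product.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta

STALE_PATCH_DAYS = 180   # Orca's threshold for calling an asset neglected
UPCOMING_EOL_DAYS = 90   # assumed planning window for flagging imminent end of support

# Constructed end-of-support table. Windows 10 reflects the October 2025 date
# discussed in the newsletter; the other entries are illustrative and should be
# checked against the vendor's lifecycle pages. None means no announced end date.
EOL_DATES: dict[str, date | None] = {
    "Windows 10": date(2025, 10, 14),
    "Windows 11": None,
    "Windows Server 2012 R2": date(2023, 10, 10),
    "Windows XP": date(2014, 4, 8),
}


@dataclass(frozen=True)
class Asset:
    hostname: str
    os: str
    last_patched: date
    internet_facing: bool = False


@dataclass(frozen=True)
class Finding:
    hostname: str
    reasons: tuple[str, ...]
    priority: int  # 1 = most urgent


def os_status(os_name: str, today: date) -> str:
    """Return 'unsupported', 'eol_soon', 'supported' or 'unknown' for an OS name."""
    if os_name not in EOL_DATES:
        return "unknown"
    eol = EOL_DATES[os_name]
    if eol is None:
        return "supported"
    if eol <= today:
        return "unsupported"
    if eol - today <= timedelta(days=UPCOMING_EOL_DAYS):
        return "eol_soon"
    return "supported"


def classify(asset: Asset, today: date) -> Finding | None:
    """Apply the neglected-asset rules to one asset; None means nothing to report."""
    reasons: list[str] = []
    status = os_status(asset.os, today)
    if status == "unsupported":
        reasons.append(f"OS '{asset.os}' is past end of support")
    elif status == "eol_soon":
        reasons.append(f"OS '{asset.os}' support ends {EOL_DATES[asset.os]}")
    elif status == "unknown":
        reasons.append(f"OS '{asset.os}' is not in the lifecycle table; review manually")

    patch_age = (today - asset.last_patched).days
    stale = patch_age > STALE_PATCH_DAYS
    if stale:
        reasons.append(f"not patched for {patch_age} days")

    if not reasons:
        return None
    # Unsupported OS or stale patching meets the neglected definition;
    # internet exposure raises the urgency one tier.
    neglected = status == "unsupported" or stale
    if neglected:
        priority = 1 if asset.internet_facing else 2
    else:
        priority = 3  # approaching EOL or unknown OS: plan now, not yet neglected
    return Finding(asset.hostname, tuple(reasons), priority)


def triage(assets: list[Asset], today: date) -> list[Finding]:
    """Findings for the whole inventory, most urgent first."""
    findings = [f for a in assets if (f := classify(a, today)) is not None]
    return sorted(findings, key=lambda f: (f.priority, f.hostname))


def neglected_share(assets: list[Asset], today: date) -> float:
    """Fraction of assets that meet the neglected definition (priority 1 or 2)."""
    if not assets:
        return 0.0
    hits = [f for f in triage(assets, today) if f.priority <= 2]
    return len(hits) / len(assets)


# Constructed sample inventory; hostnames and dates are invented.
SAMPLE_ASSETS = [
    Asset("web-01", "Windows Server 2012 R2", date(2025, 3, 1), internet_facing=True),
    Asset("fin-laptop-07", "Windows 10", date(2025, 8, 20)),
    Asset("hr-desktop-03", "Windows 10", date(2024, 11, 5)),
    Asset("dev-02", "Windows 11", date(2025, 9, 2)),
    Asset("legacy-app-01", "CustomOS 3", date(2025, 8, 1)),
]
TODAY = date(2025, 9, 15)  # fixed so the run is reproducible

if __name__ == "__main__":
    for f in triage(SAMPLE_ASSETS, TODAY):
        print(f"P{f.priority} {f.hostname}: " + "; ".join(f.reasons))
    print(f"neglected share: {neglected_share(SAMPLE_ASSETS, TODAY):.0%}")
```

On the constructed inventory the internet-facing Windows Server 2012 R2 host comes out first (unsupported and unpatched for 198 days), the stale Windows 10 desktop second, and the two Windows 10 and unknown-OS hosts that are merely approaching end of support or unclassified land in the planning tier. Swapping in a real export means mapping its OS and last-patch columns onto Asset and maintaining EOL_DATES from the vendors' lifecycle data.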
Fortinet, Ivanti Patch High-Severity Vulnerabilities
Fortinet and Ivanti recently announced patches for over a dozen vulnerabilities across their product portfolios, including fixes for several high-severity flaws. Ivanti released a Workspace Control (IWC) update to address three high-severity bugs (tracked as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455) that could result in credential leaks. The company noted: "We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program." Fortinet released 14 patches in the same timeframe to address one high-severity (tracked as CVE-2025-31104) and several medium-severity security defects.
Microsoft Patch Tuesday Covers WebDAV Flaw Marked as Already Exploited
Microsoft recently released patches for over 60 security defects across the Windows ecosystem. It called urgent attention to a WebDAV remote code execution bug (marked as important, with a CVSS score of 8.8/10) that has been exploited in the wild. The vulnerability allows browser-based drive-by downloads if a target clicks on a rigged website. Check Point Software, which is credited with reporting the bug, issued a separate advisory explaining that successful exploitation could enable an attacker to execute arbitrary code on the affected system. IT professionals can use their IT asset management solutions to identify vulnerable or unpatched systems.
A Practical Approach to Integrating Vulnerability Management into Enterprise Risk Management
Adopting a comprehensive approach to risk management is critical to protect an organization from cybercriminals and data breaches. The integration of a robust vulnerability management lifecycle is central to maintaining effective cybersecurity and should be a key aspect of an organization's risk management. However, too many organizations still struggle to implement comprehensive vulnerability management strategies due to financial or technological constraints. Organizations can build a strong vulnerability management lifecycle without expensive tools by leveraging existing resources (such as IT asset management tools), optimizing internal processes and fostering a security-aware culture. Vulnerabilities can be discovered through various methods, including asset scanning and discovery tools, penetration testing, configuration reviews or manual assessments.
WhatsApp Banned on US House of Representatives Devices, Memo Shows
According to a recent memo, the WhatsApp messaging service has been banned from all U.S. House of Representatives devices. The memo stated that the "Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use." House members were advised to use other messaging apps, including Microsoft Corp's Teams platform, Amazon.com's Wickr, Signal, and Apple's iMessage and FaceTime. In the past, the House has banned other apps from staff devices, including TikTok, due to security issues. CIOs need to be aware of potential threats, and can use their IT asset management tools to identify devices with unwanted or unsanctioned software.