Windows 10 support ends in October of this year, however nearly 50% of PC installations are still running Windows 10. According to Dell and HP executives, PC upgrades are happening first in enterprises. It will happen more slowly in the small-and-medium business (SMB) segment Enrique Lores, CEO of HP, said. He noted that We think this process is going to be extended. SMB customers will likely need to purchase Microsoft s 12-month Windows 10 extended support packages before upgrading. According to Ranjit Atwal, research director at Gartner, Many businesses, especially small and medium-sized enterprises, have not switched to Windows 11 due to tight budgets or because the upgrade does not offer sufficient benefits. IT managers can utilize their IT asset management tools to identify systems running windows 10 and use the information to prioritize upgrades.

Microsoft s current release notes show that none of the security holes patched this month were exploited in the wild. Nonetheless, eight of them have an exploitation more likely rating. They include information disclosure and privilege escalation issues in the Windows kernel, a remote code execution vulnerability and privilege escalation bugs in the Windows TCP/IP driver, Windows Hyper-V, Windows NTLM, and Windows SMB. Most of these vulnerabilities have a high severity rating. The most important security hole patched by Microsoft this month, based on CVSS score, is CVE-2025-55232. It is described as a remote code execution issue in the High Performance Compute pack. Other issues with a CVSS score exceeding 8.0 include remote code execution flaws in Routing and Remote Access Service, remote code execution in SharePoint, remote code execution in Office, and privilege escalation in SQL Server. IT professionals can identify unpatched and vulnerable systems using their IT asset management solution.

Security architectures have become expanded, fragmented, and as a result have become unsustainable. Intended to be well-intentioned investments, layered cyber-defense has turned into a messy web of bolt-on solutions which do more harm than good. In a recent study from IBM and Palo Alto Networks, researchers discovered that the average organization manages lover 80 security tools from nearly 30 vendors. Consequently, firms experience rising complexity, tool sprawl, and increased pressure on already-stretched teams. These complex stacks have also created ideal conditions for modern threat actors. Expanded gaps between tools, slower visibility, and weaker response times enable attackers to exploit exactly what defenders depend on for protection. CISO s can utilize the information from their IT asset management tools to identify redundant or under-utilized security software.

Old and outdated technology systems represent a problem for any CIO s. These systems are obsolete, create security risks, are difficult to integrate, but they continue in the enterprise because installing replacement systems would be too costly or disruptive to business operations. To integrate more modern systema, IT leaders can identify priority areas and involve partners across the C-suite to convey the potential business gains that can make a lengthy IT overhaul worthwhile. Kris Lovejoy, global practice lead, security and resiliency, at Kyndryl noted that CIOs should start by identifying where exactly legacy technology lives and what it s connected to. The information generated by an IT asset management solution can be invaluable in this first step to IT modernization.

Ivanti patched two high-severity insufficient filename validation issues in Endpoint Manager (EPM). The flaw could be exploited remotely, without authentication, to execute arbitrary code. In addition, the company announced patches for medium-severity vulnerabilities in Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. Fortinet released patches for a OS command injection bug in FortiDDoS that could result in code execution. It also patched a path traversal flaw in FortiWeb leading to arbitrary file read.

According to a survey conducted by consulting firm Baringa, obsolete technology causes banks to lose customers. The survey included 4,000 U.S. and U.K. residents having bank accounts and 400 U.S. and U.K. bank leaders. Nearly 70 percent of IT leaders and banking executives noted that legacy IT systems impeded modernization and negatively impacted customers digital experiences. In addition, over 60 percent of customers switched or have considered switching banks to find a better digital experience and from their bank. Over 60 percent of bank leaders estimated that some of their oldest applications were written prior to 2000. Over 30 percent of banks oldest technology infrastructure dated back to the 1960s or earlier. The information generated by an It asset management solution can help pinpoint legacy hardware and software and aid in the development of conversion plans.

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about two patched Ivanti flaws being chained together in cyber-attacks. CISA said it was made aware of hackers using vulnerabilities (CVE-2025-4427, and CVE-2025-4428) that affect Ivanti s Endpoint Manager Mobile (EPMM) solutions to obtain system access. CVE-2025-4427is an authentication bypass in the API component of EPMM 12.5.0.0 which enables attackers to access protected resources via the API. CVE-2025-4428 is a Remote Code Execution (RCE) bug in EPMM s API component, enabling unauthenticated attackers to run arbitrary code via crafted API requests. Users are urged to apply patches as soon as possible.

According to Steve Inch, global senior print security strategist at HP Inc. "Printers are no longer just harmless office fixtures they re smart, connected devices storing sensitive data. The wrong choice can leave organizations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network." according to a recent survey conducted by HP too many organizations are exposing themselves to malicious actors through their printers. Despite devoting nearly four hours per month to printer management, just over third of respondents said their organizations install firmware updates promptly. An effective IT asset management solution can help improve cyber security by identifying obsolete, unpatched and unauthorized printers.

Cisco Talos recently reported five vulnerabilities in the ControlVault3 firmware and the associated Windows APIs. These flaws expose millions of Dell laptops to persistent implants and Windows login bypasses via physical access. The issues, tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919, were initially disclosed in June. Dell has announced that patches for them were rolled out for over 100 Dell Pro, Latitude, and Precision models. The affected component is a hardware-based system meant to securely store passwords, biometric information, and security codes. Dell s June advisory lists all the affected models and vulnerable firmware versions, as well as the release dates of the patches. IT professionals can utilize the information from their IT asset management tools to identify affected systems.

Even though Windows 11 has a higher system requirement, by creating a custom installation media to bypass those requirements, IT professionals may be able to perform an in-place upgrade or clean installation on an unsupported computer running Windows 10. However, running the latest version of the operating system on incompatible hardware should be a "last-ditch-effort." Microsoft does not support devices that do not meet the minimum specifications. Moreover, while updates may still be accessible, full functionality is not guaranteed. In addition, running the OS without essential security features can expose the system to security risks. This third party how-to guide, explains how to upgrade a device that does not meet Windows11 minimum system requirements. System administrators can identify non-compliant devices using the information from their IT asset management solutions.

Over 29,000 Exchange servers exposed online are currently unpatched against a high-severity vulnerability. The vulnerability can allow attackers move laterally in Microsoft cloud environments, which could result incomplete domain compromise. The security flaw (CVE-2025-53786) enables hackers who gain administrative access to on-premises Exchange servers to raise privileges within the connected cloud environment. Once inside the network the threat actor can, without leaving easily detectable traces, manipulate trusted tokens or API calls. CVE-2025-53786 impacts Exchange Server 2016, Exchange Server 2019, and Microsoft Exchange Server Subscription Edition. Vulnerable devices can be identified using information generated by an IT asset management system.

Adobe recently published 13 new advisories that address vulnerabilities in Substance 3D products including Viewer, Modeler, Painter, Sampler, and Stager. The company patched one or more critical code execution vulnerability in each of them. Multiple medium severity memory leaks were also addressed. Adobe stated that it is not aware of malicious attacks exploiting any of these vulnerabilities. In addition, all of the flaws have a priority rating of 2 or 3, indicating that Adobe does not expect to see in-the-wild exploitation. IT professionals can identify unpatched systems using the information from their IT asset management solutions.

None of the vulnerabilities patched inn this release appear to have been exploited in the wild. However, a Windows privilege escalation tracked as CVE-2025-53779, has been identified as publicly disclosed. A dozen vulnerabilities have a critical severity rating. Based on their CVSS score, most of the patched vulnerabilities are high severity , except for CVE-2025-53766. Trend Micro s Zero Day Initiative (ZDI), which has summarized the patches. IT professionals can identify vulnerable systems using reports generated by their IT asset management solutions.

Fortinet recently published 14 new vulnerability advisories. The most important one is a FortiSIEM. This flaw allows an unauthenticated, remote attacker to execute arbitrary code or commands through specially crafted CLI requests. Fortinet warned that a practical exploit for this vulnerability has been found in the wild. However, the company suggests that the vulnerability has not been exploited for malicious purposes, although a PoC exploit is public. Ivanti s August 2025 Patch Tuesday updates cover two high-severity authenticated remote code execution vulnerabilities in Ivanti Avalanche.

The energy, water, waste, telecommunication, industrial, aviation, and government sectors are exposed to these attacks as they work to replace or secure end-of-life equipment in their extensive frameworks. IT professionals can identify dangerously unsupported devices using information from their IT asset management tools.

Corporate employees are currently using AI tools, many not authorized by the IT department. They are exploring creative ways to increase productivity. However, this unsanctioned innovation often becomes shadow IT, and can create serious risks in areas of security, compliance, and legal exposure. Too many organizations don't discover the problem until it's too late. This webinar combines the thoughts of IT and legal experts to show how to transform informal AI usage into structured innovation. Participants will learn strategies for assessing risk versus value, building policies that enable rather than restrain, and transform shadow AI into company-wide advantage.

The consequences of failing to upgrade can be dire. The UK s National Cyber Security Centre (NCSC) reported that many Microsoft users kept using the legacy Windows XP system after it reached its end-of-life date. This practice enabled attackers to exploiti vulnerabilities in XP systems and launch the global WannaCry ransomware attack. NCSC has warned that organizations are reluctant to upgrade Windows 10 will be firms at high risk of compromise. Security concerns about the use of To speed remediation, professionals can utilize their IT asset management solution to identify legacy and out-of-date systems

Most organizations do not have handle on what they're spending on SaaS. If managers were asked "Who owns SaaS spend in your company?" answers could range from "Finance handles it" to" "That's IT's job," or "Honestly, it depends." Therein lies the problem. Companies are spending amounts from $9,000 to $17,000 per employee annually on software, but most organizations have little knowledge of what they're actually buying. The expansion of software tools in the organization, which has become exacerbated by AI, has created a gap between what companies think they're managing and what they're actually managing. And that gap is getting more costly by the month. An It asset management tools that can identify and map SaaS licenses can help control software costs.

According to a recent Veracode report U.S. government agencies are operating with massive amounts of unresolved vulnerabilities which make them vulnerable to hackers and cybercriminals. The report found that approximately 80% of government agencies have software vulnerabilities that remain unaddressed for at least a year, and over half have long-standing software flaws that place them at even greater risk. According to Veracode, government agencies are falling short of the investments and procedures required to address vulnerable and unpatched software. Chris Wysopal, chief security evangelist at Veracode noted that, Organizations don t have a process that includes enough engineering capacity to fix security issues found vs building more features and functionality. Their fixing process is not efficient enough to keep up with new flaws found when new code is written. In addition, Tom Kennedy, vice president of federal systems at Axonius observed that Legacy government IT often lacks comprehensive visibility and integration capabilities, hindering timely identification and remediation of vulnerabilities. These older systems frequently rely on outdated software, unpatched vulnerabilities, and insecure configurations directly impacting overall security. An investment in a robust IT asset management system would facilitate the identification of vulnerable systems, speeding the patching and remediation process for any agency.

Companies are finding it difficult to keep their cloud infrastructure secure. After recently analyzing billions of production assets on AWS, Azure, Google Cloud, Oracle Cloud and Alibaba Cloud, researchers from Orca Security observed that cloud assets have on average 115 vulnerabilities. Moreover, over half have at least one such vulnerability that s over 20 years old. Consequently, attackers, including state-backed cyberespionage groups, have recently increasingly targeted cloud infrastructure. A third of analyzed cloud assets are in the neglected-asset category resources that use unsupported operating systems and/or which haven t been patched in over 180 days. The firm found that almost all companies have at least one neglected asset, typically virtual machines. These observations underscore the need for organizations to be able to quickly identify vulnerable or obsolete systems. A robust IT asset management solution is a critical too in achieving that end.

Fortinet and Ivanti recently announced patches for over a dozen vulnerabilities across their product portfolios, including fixes for several high-severity flaws. Ivanti released a Workspace Control (IWC) update to address three high-severity bugs (tracked as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455) that could result in credential leaks. The company noted that, We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program. Fortinet released 14 patches in the same timeframe to address one high severity (tracked as CVE-2025-31104) and several medium-severity, security defects.

Microsoft recently released patches for over 60 security defects across the Windows ecosystem. It called urgent attention to a WebDAV remote code execution bug (marked as important with a CVSS score of 8.8/10) which has been exploited in the wild. The vulnerability allows browser-based drive-by downloads if a target clicks on a rigged website. Check Point Software, which is credited with reporting the bug, issued a separate advisory explaining that successful exploitation could enable an attacker to execute arbitrary code on the affected system. IT professionals can utilize their IT asset management solutions to identify vulnerable or unpatched systems.

Adopting a comprehensive approach to risk management is critical to protect an organization from cybercriminals and data breaches. The integration of a robust vulnerability management lifecycle is central to maintaining effective cybersecurity and should be a key aspect of an organization's risk management. However, too many organizations still struggle to implement comprehensive vulnerability management strategies due to financial or technological constraints. Organizations can build a strong vulnerability management lifecycle without expensive tools by leveraging existing resources (such as IT asset management tools), optimizing internal processes and fostering a security-aware culture. Vulnerabilities can be discovered through various methods, including asset scanning and discovery tools, penetration testing, configuration reviews or manual assessments.

According to a recent memo the WhatsApp messaging service has been banned from all U.S. House of Representatives devices. The memo stated the "Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use." House members were advised to use other messaging apps, including Microsoft Corp's Teams platform, Amazon.com's Wickr, Signal, and Apple's iMessage and FaceTime. In the past, The House has banned other apps from staff devices including the TikTok app due to security issues. CIOs need to be aware of potential threats, and can use their IT asset management tools to identify devices with unwanted or unsanctified software.

The May 2025 Microsoft Patch Tuesday includes security updates for over 70 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities. This release also fixes six "Critical" vulnerabilities, five of which are remote code execution vulnerabilities with another being an information disclosure bug. The specific vulnerabilities addressed are: elevation of privilege vulnerabilities (17), security feature bypass vulnerabilities (2), remote code execution vulnerabilities (28), information disclosure vulnerabilities (15), denial of service vulnerabilities (7) and spoofing vulnerabilities (2). IT professionals are urged to update their systems with the new patches. A robust IT asset management tool can help identify unpatched and vulnerable systems.

Many universities operate with obsolete or nearly obsolete IT systems. The Higher Education Policy Institute noted in a recent report that universities need an army of IT staff to keep systems from crumbling under their own weight. Maintaining legacy systems is a burden on staff and increases cyber risk. Another growing problem for universities is shadow AI. When employees struggle with outdated systems, they look for any tool that increases efficiency, even if it is unsanctioned or unsafe. Implementation of a robust IT asset management solution would provide the information for any university to plan and manage needed upgrades to its IT infrastructure.

After becoming aware of in-the-wild attacks exploiting two previously unknown vulnerabilities, Ivanti recently released emergency patches for its enterprise mobile device management (MDM) solution. The two flaws, that are tracked as CVE-2025-4427 and CVE-2025-4428, have moderate and high severity. However, when they are combined in an exploit chain, they enable unauthenticated remote code execution on Ivanti Endpoint Manager Mobile (EPMM). Ivanti released EPMM versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0.1, which include fixes for the two vulnerabilities.

This month s Adobe Patch Tuesday releases include a major Adobe ColdFusion update that addresses a number of code execution and privilege escalation attacks. The Adobe bulletin documents 7 distinct vulnerabilities marked as critical. Adobe warned that these vulnerabilities, which carry a CVSS severity score of 9.1/10, could result in arbitrary file system read, arbitrary code execution and privilege escalation. The Adobe Photoshop software was also updated to fix three critical-severity bugs which had code execution risks. Adobe also identified a critical bug in Adobe Illustrator that should be patched with urgency. Code execution software defects in Adobe Lightroom, Adobe Dreamweaver, Adobe Connect and Adobe InDesign were also addressed. IT professionals can utilize the information generated by their IT asset management solution to identify unpatched or affected systems.

Recent research indicates that the average enterprise is using 254 distinct AI-enabled apps. Of those 254 AI apps in use, nearly ten percent have been developed by Chinese. While usage is surging, security and governance are being left behind. For example, DeepSeek clearly got a lot of headlines in January to the extent that the Pentagon and government lawmakers scrambled to block the app on government systems. after it found staff using it. DeepSeek has even been deemed a national security risk by a US House Panel. IT professionals should be concerned about the ability of apps to launch seemingly from nowhere and gain massive amounts of users very quickly. Employees often don t care about the consequences of their use of shadow-AI. Fishbowl found that nearly 70% of users hide ChatGPT from their bosses. Nearly half would refuse to stop using it if it were to be banned. Quite simply, AI tools are just too appealing for employees not to use. Too many will go to extreme lengths to get their hands on them, even without approved licenses. A robust IT asset management tool can identify unauthorized or unlicensed software across the enterprise, enhancing governance.

According to Kinly, a key motivator behind the proposed bans is the rise of Shadow AV , which is causing serious security concerns. Shadow AV includes the use of unauthorized audio-visual equipment and personal technology in the workplace. Similar to the problem of Shadow AI - the use of unauthorized AI tools in the workplace - security professionals have grown concerned about the prospect of personal tech slipping into the workplace unnoticed. An It asset management tool can assist in identifying non-corporate devices and software residing on the company s infrastructure.