Industry News
Ed Cartier's monthly roundup of industry news
Articles relating to asset management, technology, security and cloud computing

Industry News Roundup

Industry News - Dec 2024

Ivanti Patches Critical Flaws in Connect Secure, Cloud Services Application
Ivanti recently announced patches for over ten vulnerabilities in its products. The patches addressed five critical-severity bugs in Cloud Services Application, Connect Secure, and Policy Secure. The most severe of these vulnerabilities is CVE-2024-11639, which has a CVSS score of 10/10 and involves an authentication bypass affecting the Cloud Services Application (CSA) secure communication solution. The flaw, which affects the administrator web console of the enterprise solution, allows remote, unauthenticated attackers to access CSA with administrative privileges. The admin web console was also vulnerable to a command injection bug and an SQL injection defect that could enable remote attackers with administrative privileges to execute arbitrary code or run arbitrary SQL statements. The company addressed all three flaws in CSA version 5.0.3 and has credited CrowdStrike for finding and reporting them. Users are advised to update their appliances as soon as possible.
Dec 2024
Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day
Microsoft recently issued patches for over 70 documented security defects and called urgent attention to a zero-day vulnerability in the Windows Common Log File System (CLFS). The CLFS vulnerability has been actively exploited in the wild and carries a CVSS severity score of 7.8/10. According to the company, the CLFS driver flaw allows attackers to gain SYSTEM privileges through a heap-based buffer overflow. Microsoft warned that successful exploits require no user interaction and low privileges to execute. There have been at least 25 documented vulnerabilities in CLFS over the last five years. Earlier this year, Microsoft said it was developing a major new security mitigation to thwart a surge in cyberattacks targeting the Windows CLFS. IT managers can utilize the information from their IT asset management tools to identify vulnerable systems.
Dec 2024
Adobe Patches Over 160 Vulnerabilities Across 16 Products
Adobe's recent patch release addresses over 160 vulnerabilities across 16 products. Approximately 90 of the vulnerabilities were patched in Adobe Experience Manager. The majority have a medium-severity CVSS score and allow arbitrary code execution. Some can be exploited to bypass security features. Adobe patched over 20 vulnerabilities in Connect. Several involved critical and high-severity issues that can be exploited for arbitrary code execution and privilege escalation. Several security holes were resolved in Adobe Animate. All of them are described as critical issues with high-severity CVSS scores that can lead to arbitrary code execution. Vulnerable systems can be identified using the data generated by an IT asset management tool set.
Dec 2024
CISOs Still Cautious About Adopting Autonomous Patch Management Solutions
Recently, cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included several that dated back over ten years. Outside of that list are regularly unpatched aging vulnerabilities going back as far as 2017. Experts say that autonomous firmware and software patch management applications should be part of a CISO's toolkit. According to a recent Forrester Research survey, CISOs are still cautious about adopting autonomous solutions. Just over a quarter of 510 security decision-makers said their organization currently uses a patch management solution. A third said they are willing to buy such a solution. Erik Nost, a Forrester senior analyst, attributed the reluctance to adopt automated patching to the fear of breaking something if an untested patch is installed. Nonetheless, CISOs can utilize the software information generated by an IT asset management tool to identify unpatched devices.
Dec 2024
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
Microsoft's December 2024 Patch Tuesday security update includes over 70 patches. The most prominent patch addresses a Windows zero-day security vulnerability under active exploit. The company included CVEs in Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager. Out of this month's CVEs, 16 are rated as critical. This month's Patch Tuesday brings the total number of patches for the year to 1,020, the second-most voluminous year for fixes after 2020's 1,250. CIOs are reminded that their IT asset management system can pinpoint vulnerable and unpatched systems.
Dec 2024
FTC Orders Marriott and Starwood To Implement Strict Data Security
The establishment and implementation of a comprehensive information security program that encompasses encryption, access controls, multi-factor authentication, vulnerability management, and incident response plans. A key part of vulnerability management is maintaining a comprehensive inventory of all IT assets. A robust IT asset management tool is a key part of vulnerability management.
Dec 2024
Beware Of Shadow AI - Shadow IT's Less Well-Known Brother
Shadow IT is a well-documented problem in the cybersecurity industry. Employees' use of unsanctioned systems and software as a workaround to bypass official IT processes and restrictions can result in a number of problems for the corporation. With AI tools becoming available for virtually every business use case or function, employees are now using unsanctioned or unauthorized AI tools and applications. This action, taken without the knowledge or approval of IT or security teams, creates a new phenomenon known as Shadow AI. It is estimated that half to three quarters of employees are using non-company-issued AI tools. Consequently, a visibility problem emerges: companies do not know what is happening on their own networks. A robust IT asset management toolset can provide information on Shadow IT and Shadow AI applications and pinpoint the systems on which they are installed.
Dec 2024

Industry News - Nov 2024

CISOs Who Delayed Patching Palo Alto Vulnerabilities Now Face Real Threat
The company patched the vulnerabilities in October of 2024. CISA put CISOs who ignored the previous warnings on notice that their systems are now under threat. The vulnerabilities enable the theft of usernames, cleartext passwords and more. IT professionals can utilize the information from their IT asset management tools to identify unpatched instances of software.
Nov 2024
November 2024 Patch Tuesday Patches Four Zero Days And Three Critical Flaws
After warning users about five zero-day vulnerabilities in October, Microsoft's November Patch Tuesday update has identified another four from a total haul of nearly 90 CVEs. In terms of priorities, admins will want to start by patching the two zero days that are being actively exploited before moving on to three other vulnerabilities rated "critical", plus one that is rated "important". The first exploited zero day enables an attacker to elevate their privileges from an AppContainer. The second exploited zero day is a hash disclosure flaw in the now deprecated NTLMv2 that affects all versions of Windows going back to Windows Server 2008. IT and security professionals can use their IT asset management tools to identify unpatched instances of the software.
Nov 2024
NIS 2 Directive - ITAM's Important Role in a Ransomware Response Plan
ITAM professionals have the data on all the IT assets in a company at their fingertips. They know which users have which assets and can quickly help the cyber security staff to identify the scope of a potential attack. ITAM teams can also ensure end users can gain access to functioning endpoints in the event of an attack that renders other endpoints unusable. They also have access to data on the software installed on users' systems and on who has access to download licenses and software packages, and can coordinate blocking access to infected files. An ITAM program includes the responsibility for sourcing equipment and tracking its use. Consequently, an ITAM plan to respond to a ransomware attack is critical. That plan should determine how to get a ransomware-impacted workforce up and running after devices are impacted.
Nov 2024

Industry News - Oct 2024

Microsoft Reveals Bad News For 70% Of Windows Users - Upgrade Warning Gets Worse
XDA Developers has suggested that using unsupported hardware on Windows 11 is only going to get more miserable. This should be another warning for Windows 10 holdouts that Microsoft is unlikely to soften its position. IT managers can use their IT asset management tools to plan the transition and identify systems not compatible with Windows 11.
Oct 2024
AI Adoption Drives Unmanageable Spike In Cloud Costs
According to a recent report by Tangoe, AI adoption is resulting in a serious spike in cloud costs. To develop the report, the technology expense management solution provider surveyed 500 IT and finance professionals responsible for enterprise cloud cost management. It found that overall cloud costs increased an average of 30% in the last year. Fifty percent of respondents noted that spending on AI applications was a top driver for growing cloud spend. Nearly seventy-five percent of respondents said that AI resulted in unmanageable cloud bills. To constrain costs, IT professionals can utilize their IT asset management tools to identify duplicate, under-utilized or unauthorized cloud services.
Oct 2024
Building A Stronger Business With G-A-V: A Framework for Technology Upgrades and Trends
IT asset management is a key tool in implementing a GAV framework. The data reported by the solution provides a current inventory of hardware and software assets, identifies obsolete systems and highlights areas of potential cost savings.
Oct 2024
Kaspersky's US Customers Receive UltraAV Swap, Raising Red Flags
Following the US government's ban on Kaspersky Lab products, some users reported that the antivirus software was replaced without notice by UltraAV, about which little is known. Earlier in 2024, citing national security risks, the US government prohibited the sale of Kaspersky products in the US. Consequently, Kaspersky notified its US employees that it would begin winding down its operations in the US starting in July. According to UltraAV's website, Kaspersky partnered with UltraAV to ensure continued service for its US customers. However, according to The Register, UltraAV has not undergone testing by the Anti-Malware Testing Standards Organization (AMTSO). A third-party test is scheduled for later this year. Security software vendors are not obligated to have their products independently tested. However, in such a trust-driven industry, such assessments can be considered essential. IT managers concerned about having unknown or untested applications on their networks can utilize their IT asset management tools to identify such software.
Oct 2024
Application Detection and Response Is the Gap-Bridging Technology We Need
The concept of detection and response is a core part of the NIST Cybersecurity Framework (CSF) and should be a fundamental part of any sound cybersecurity program. IT pros must be able to detect threats and malicious activity and respond to them, regardless of where they occur. That can be a real challenge for the current detection and response processes. Most detection and response tools focus on endpoints, networks and servers, but leave one large gap: applications. That gap is now increasingly being targeted, given the increased role applications play in malicious activity. The latest Verizon Data Breach Investigations Report (DBIR) pointed out that application vulnerability exploitation grew 180% over the previous year. Verizon stated that vulnerability exploitation now accounts for one-third of all incidents recorded in the DBIR. Security and IT professionals can utilize their IT asset management toolset to identify applications with known vulnerabilities that reside on their networks.
Oct 2024
Ivanti Warns Customers of More CSA Zero-Days Exploited in Attacks
Ivanti recently announced patches for CVE-2024-8190, a CSA vulnerability that enables attackers with elevated privileges to achieve remote code execution. Shortly after the patch was released, it came to light that threat actors had been combining it with a vulnerability tracked as CVE-2024-8963, which they used to bypass authentication so that they could exploit CVE-2024-8190. Ivanti subsequently announced that CVE-2024-8963 has been chained with other CSA vulnerabilities as well to target a limited number of its customers. The company noted that three new flaws tracked as CVE-2024-9379, CVE-2024-9380 and CVE-2024-9381 have been chained with CVE-2024-8963. CVE-2024-9381 is a high-severity path traversal issue that enables a remote and authenticated attacker with administrator privileges to bypass restrictions. CVE-2024-9380 is a high-severity OS command injection bug allowing remote code execution. CVE-2024-9379 is a medium-severity SQL injection that enables an authenticated attacker with admin privileges to run arbitrary SQL commands.
Oct 2024
Microsoft Confirms Exploited Zero-Day in Windows Management Console
Microsoft recently issued an urgent warning regarding an actively exploited code execution vulnerability in a Windows component used for system configuration and monitoring. The zero-day, tagged as CVE-2024-43572, is documented as a remote code execution issue in Microsoft Management Console (MMC). The company warned that attackers are using malicious Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems. This is the 23rd time this year Microsoft needed to respond to zero-day exploitation before the availability of patches. The October patches also cover critical-severity flaws in the Visual Studio Code extension for Arduino, the Remote Desktop Protocol Server, and the Microsoft Configuration Manager. Microsoft also identified CVE-2024-43573 for urgent attention, stating that a flaw in the Windows MSHTML platform is included in the "exploitation detected" category. IT managers can identify vulnerable and unpatched systems using their IT asset management tools.
Oct 2024
Executives Worry Over Aging IT Systems
According to a recent Kyndryl report, corporate IT modernization initiatives are often threatened by aging infrastructure and systems without technical support. The IT services firm surveyed over 3,000 C-suite executives and aggregated anonymized customer data. Ninety percent of executives said their company's technology is best-in-class; however, over sixty percent acknowledged that outdated systems present a major concern. According to Michael Bradshaw, Kyndryl's SVP and global practice leader for applications, data and AI, if a company lacks comprehensive IT asset and configuration management, locating tech debt is a challenge. He noted that "It's almost like an archeological dig. You don't know where the problems are unless you stub your toe on something that's reached end-of-support."
Oct 2024
Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products
Apple is currently making iOS 18.1 and iPadOS 18.1 available to mobile users with patches for over 25 vulnerabilities that could result in information leaks, the disclosure of process memory, denial-of-service, sandbox escape, modification of protected system files, heap corruption, and access to restricted files. The flaws were resolved with improved authentication, checks, logic, input validation, handling of content, memory management, private data redaction, state management, and file and memory handling. Nearly 60 security defects were resolved with the recent macOS Sequoia 15.1 update. Those patches addressed 15 issues that were also addressed in iOS and several flaws in third-party dependencies. IT managers can identify unpatched systems using their IT asset management tools.
Oct 2024

Industry News - Aug 2024

Aware Of What Tech Debt Costs Them, CIOs Still Can't Make It an IT Priority
One of a CIO's most persistent challenges involves embracing innovative technologies while addressing potentially crippling technical debt. Tech debt can involve old applications, bloated code, and aging hardware. The issue is often deprioritized behind the adoption of innovation and new technology. In a recent CIO Sentiment Survey by IDC, almost 40% of CIOs surveyed said they expect to overspend on digital infrastructure over the next 18 months. Nearly 50% of those who expect to overspend blamed excessive tech debt, including old apps. Nonetheless, according to the survey, CIOs ranked AI and cybersecurity far ahead of eliminating tech debt on their lists of priorities. Daniel Saroff, group vice president for consulting and research at IDC, noted that company boards and CEOs are putting pressure on CIOs to find innovative uses for AI. In addition, the need for better cybersecurity is ever-present. Therefore, dealing with tech debt gets put on the back burner. One approach for CIOs who have significant tech debt is to sell it to organization leadership. One way to frame the need to address tech debt is to tie it to IT modernization. CIOs can use their IT asset management tools to identify old and obsolete hardware and software and point out the costs of legacy systems.
Aug 2024
Microsoft Warns of Six Windows Zero-Days Being Actively Exploited
Microsoft recently warned users of six actively exploited Windows security defects. The company's security response team issued documentation for nearly 90 vulnerabilities across Windows and OS components and marked six flaws as being actively exploited. Microsoft urged Windows sysadmins to pay urgent attention to a batch of critical-severity issues that expose users to remote code execution, privilege escalation, cross-site scripting and security feature bypass attacks. These include a significant flaw in the Windows Reliable Multicast Transport Driver that brings remote code execution risks, a severe Windows TCP/IP remote code execution flaw, two separate remote code execution issues in Windows Network Virtualization and an information disclosure issue in the Azure Health Bot. IT professionals can utilize their IT asset management toolsets to identify vulnerable and/or unpatched systems.
Aug 2024
Microsoft Outlook Security Hole Lets Attackers In Without Opening A Tainted Message
Microsoft recently patched a serious flaw within Microsoft's Outlook email client. The vulnerability would enable an attacker to have full access by simply sending the user an email. The attack would work even if the recipient did not open the message. Furthermore, the end user would have no way of knowing that they had been attacked. Michael Gorelik, the chief technology officer at Morphisec, the security firm that says it discovered the problem and reported it to Microsoft, noted, "You will not know. You will not experience anything." He also voiced concern that this flaw may indicate the existence of similar zero-click holes that Microsoft has yet to patch. IT professionals can utilize their IT asset management solutions to minimize exposure to the vulnerability by identifying any unpatched systems.
Aug 2024
Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager
Ivanti recently announced patches for eight vulnerabilities in Neurons for ITSM, Avalanche, and Virtual Traffic Manager. Two addressed critical-severity flaws, including a critical-severity information disclosure issue that could enable an unauthenticated attacker to obtain the OIDC client secret via debug information. Ivanti also announced patches for a high-severity improper certificate validation flaw that could allow an attacker in a man-in-the-middle position to craft a token that would allow access to ITSM as any user. Ivanti also announced patches for a critical-severity bug in Virtual Traffic Manager that could enable an attacker to circumvent authentication and create an administrator user in the admin panel. The company also issued patches for five high-severity vulnerabilities in Avalanche.
Aug 2024
Answering The Big Post-Outage Question: Are We All Patching Wrong?
Even before the worldwide CrowdStrike outage, patching was a constant challenge for many IT operations teams. They struggled to balance the need to patch urgently with the requirement to patch safely. Unpatched endpoint devices remain one of the greatest risks to an organization. However, deploying a bad patch can have dire consequences for a business. Clearly, applying software patches has exceeded current capabilities, and AI-based autonomous patching systems are a reasonable substitute.
Aug 2024
© xAssets 2025 All rights reserved.