Industry News

Microsoft's recent security update addressed no actively exploited zero-day vulnerabilities or previously disclosed flaws for the first time in almost two years. It did, however, contain fixes for over 130 CVEs. Microsoft considers 13 of them to be likely candidates for exploitation and 9of which are rated as critical. These include two in Microsoft Office Word and five others with severity scores of 9.8 or 9.9 on the 10-point CVSS scale. This is the third month this year where Microsoft has disclosed more than 100 CVEs in its Patch Tuesday update. IT professionals can identify unpatched and vulnerable systems using reports from their IT asset management tools.

Recent data suggests that the practice of employees using unsanctioned AI tools has spiraled out of control. A Microsoft survey of UK workers found that over 70% said they have used unapproved AI tools at work. According to Reco, an AI security platform, there are typically 200 unsanctioned AI tools being used per 1,000 workers At mid-size companies. A In a separate study Microsoft found that nearly 80% of workers using AI relied on their own tools. Leslie Nielsen, chief information security officer at Mimecast, refers to the rise of shadow AI to "death by a thousand cuts. For example, if someone uploads a document with confidential information to an AI tool, a chatbot or agent could reveal the data to someone outside the company. Case studies include Samsung where the company discovered software engineers put internal code into ChatGPT and Amazon which found ChatGPT's responses to some prompts mirrored internal company data. Companies can monitor systems using unauthorized AI tools by using their software discovery tools.

Fortinet recently released a number of patches across its product line. The patches included two critical vulnerabilities that can result to remote code execution. Fortinet flaws have been exploited in the wild many times in the past, so companies are encouraged to deploy patches as soon as possible. Piyush Sharma, CEO and co-founder of SecOps company Tuskira noted that Fortinet vulnerabilities are often attractive to threat actors because these products sit in high-trust security functions that threat actors often target. When a vulnerability affects a tool that already has privileged visibility or sits close to critical systems, exploitation can give attackers a much larger head start than a flaw in an ordinary application. The flaw in FortiAuthenticator, tracked as CVE-2026-44277, has a 9.1 CVSS severity score. The flaw in FortiSandbox also has a severity score of 9.1. In addition, Ivanti published four advisories relating to seven security defects impacting Ivanti Secure Access Client, Xtraction, Virtual Traffic Manager, and Endpoint Manager (EPM). The most severe of these is CVE-2026-8043 with a CVSS score of 9.6, which could be exploited remotely to read sensitive files and write arbitrary HTML files to a web directory. The company also resolved four other high-severity vulnerabilities. One expert noted that the five new vulnerabilities discovered in Ivanti s on-premises mobile endpoint management solution are a classic example of the legacy trap that CSOs must avoid. Robert Enderle of the Enderle Group added Patch today to survive the weekend but start planning your exit from legacy MDM as soon as possible. This isn t an isolated incident. It s a continuation of the cycle we saw in January, suggesting an underlying architecture struggling to withstand modern threats. The flaws are so serious that the US Cybersecurity and Infrastructure Security Agency (CISA) added one of the vulnerabilities to its Known Exploited Vulnerabilities Catalog as it s being actively exploited.

IT experts are declaring an emergency and urging CSOs to consider abandoning on-premises email solutions as a new zero-day vulnerability in Microsoft Exchange Server has been discovered. Rob Enderle of the Enderle Group warned that Because it s already being exploited in the wild, this isn t a patch next week situation; it s a mitigate right now emergency. Johannes Ullrich, dean of research at the SANS Institute added that This is another reminder to find a trusted cloud provider for e-mail. On-premises Exchange is becoming a legacy product, and while some organizations need it for internal and outbound email, its attack surface should be minimized by reducing its exposure to external email. Ullrich was responding to a recent alert from Microsoft about a cross-site scripting vulnerability affecting Exchange Outlook Web Access that could be exploited merely by sending a specially crafted email to a user. When the message is opened, and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.

Corporate patch management strategy may need a critical overhaul. Based on an examination of 31,000 incidents analyzed by Verizon s DBIR, flaw exploitation significantly outpaced credential abuse as the primary attack vector. Patching practices are coming under intense pressure, as time-to-exploit timeframes accelerate. This represents new reality which will likely worsen as AI assistance in attack chains rises. Verizon researchers found that exploited flaws were the root cause of breaches in over thirty percent of cases. Credential abuse resulted on over twelve percent of security failures. According to Verizon s study, only one in four critical vulnerabilities were fully remediated in 2025, with the median patch time rising to 43 days, up from 32 days the prior year. CIO s can utilize the information from their IT asset management tools to identify vulnerable and unpatched systems.

Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft. The vulnerability allows attackers to gain SYSTEM or elevated administrator permissions. Called BlueHammer, the vulnerability was published by an independent security researcher The security issue has nopublished patch and no update to address it, the flaw is considered a zero-day by Microsoft's definition. Will Dormann, principal vulnerability analyst at Tharros confirmed that the BlueHammer exploit work. He noted that the flaw is a local privilege escalation that combines a time-of-check to time-of-use and a path confusion. The issue is not easy to exploit and that it gives a local attacker access to the Security Account Manager database, which contains password hashes for local accounts. Consequently, attackers can escalate to SYSTEM privileges and possibly achieve complete machine compromise. Dormann also noted that At that point, [the attackers] basically own the system, and can do things like spawn a SYSTEM-privileged shell. IT managers should be looking for a patch, and when issued use their IT asset management tools to identify vulnerable devices and patch them as soon as possible.

The critical-severity flaw is tracked as CVE-2026-35616 , with a CVSS score of 9.1, is described as an improper access control issue. The vulnerability and could be exploited for remote code, execution. According to Fortinet, remote attackers could send crafted requests to a vulnerable FortiClient EMS to trigger the bug. The company noted that successful exploitation does not require authentication. The company warned that Fortinet has observed this to be exploited in the wild. Fortinet announced the availability of hotfixes to address the security defect in FortiClient EMS versions 7.4.5 and 7.4.6. Version 7.2 is not affected. Fortinet published detailed instructions on how to download and apply the hotfixes for both FortiClient EMS 7.4.5 and 7.4.6, and on how to verify that the hotfixes have been applied. IT professionals can utilize their IT asst management tools to identify unpatched systems.

In addition, using hardware past its end of support increases costs and vulnerabilities. Costs also increase due to outages as older systems experience more failures. Also, legacy hardware is less power-efficient overall, costing more to operate. Network discovery and IT management tools can oftentimes pay for themselves by allowing management to identify systems that should be replaced. Savings can be realized by reducing on downtime, operating costs and reducingh cyber risk.

Without strong governance in place, companies risk hitting a plateau where large-scale transformational growth and innovation across the enterprise become increasingly difficult. That s the velocity paradox leaders are navigating today, balancing urgency with accountability. IT leaders can utilize the data from their IT asset management tools to determine the level id shadow-AI in their organization.

According to a report released Wednesday by VulnCheck, fewer than 1% of software vulnerabilities were exploited in the wild over the past year. However, those flaws were being weaponized faster and on a larger scale than ever before. Researchers tracked over 14,000 exploits linked to over10,000 unique CVEs in 2025. That represents over a 16% increase from the prior year. A large percentage of that increase was linked proof-of-concept code that was generated by AI. IT managers can scan for unpatched or vulnerable software using their IT asset management tools.

At a minimum, agencies should enforce policies that forbid the use of unauthorized AI agents on government networks or devices, prohibiting the provision of credentials, tokens or system access to unsanctioned AI tools and that all AI tools must be explicitly approved before any use. Management can use its IT asset management tools to identify unauthorized code in use across the network.

Microsoft s March 2026 Patch Tuesday updates resolve a single critical-severity flaw, (CVE-2026-21536 with a score of 9.8). It is a remote code execution weakness in Devices Pricing Program that has already been fully mitigated. The company stated that There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Another security defect that stands out is an elevation of privilege issue in Azure MCP Server Tools. It can be exploited by sending specially crafted input to a server tool that accepts user-supplied parameters. Fortra associate director Tyler Reguly noted that CSOs should ensure that they have solid asset inventories around the deployment of cloud-related systems and tools, so that admins know where these things exist and when they need to be fixed. This is the best way to empower your sys admins and security teams on a quiet month like this. A robust IT asset management solution is a critical tool in maintain an accurate inventory.

The most recent Microsoft Patch Tuesday has been issued, however monthly security updates from Microsoft are still coming. The latest fix is an emergency, out-of-band, hot patch for a subset of Windows 11 enterprise users that addresses a number of critical security vulnerabilities that impact the Routing and Remote Access Service. The flaw could give attackers the ability to execute remote code and take control of the impacted device. These Common Vulnerabilities and Exposures are designated as CVE-2026-25172, CVE-2026-25173 and CVE-2026-26111. Unless patched, an attacker who is already authenticated on the domain could trick a domain-joined user to send a request to the malicious server via the RRAS snap-in. Even though a patch has already been made, the Patch Tuesday fix requires a device reboot. Oftentimes critical applications or services aren t open to rebooting on a whim, for obvious reasons. IT managers can use their IT asst management applications to identify vulnerable systems.

Microsoft recently issued an emergency update to address a major issue that breaks sign-ins with Microsoft accounts across multiple Microsoft apps. The problem occurs after installing the KB5079473 cumulative update that was part of this month's Patch Tuesday. It warns users that the affected devices are not connected to the Internet. The list of affected apps includes Teams and OneDrive, Microsoft Edge, Microsoft 365 Copilot, Excel and Word, which display the same error message for features that require a Microsoft account sign-in. IT managers can identify unpatched systems using their IT asset management tools.

Exploitation timelines continue to compress. Newly disclosed flaws reach active use almost immediately. In addition, older vulnerabilities remain active years after disclosure. Newly disclosed vulnerabilities move into active exploitation with little delay. Simultaneously, older vulnerabilities remain active. Long-term exposure also appears in broader vulnerability trends. Almost 40% of the top-targeted vulnerabilities affected end-of-life devices. Over 30% of vulnerabilities were at least 10 years old. These figures point to persistent gaps between vendor lifecycle timelines and enterprise patching practices. IT professionals can identify unpatched and vulnerable devices using the data generated by their IT asset management systems.