Rezilion expands SBOM to support Windows environments

Software security platform Rezilion has expanded its Dynamic Software Bill of Materials (SBOM) capability to support Windows environments. The firm said the move will provide organizations with the tools to efficiently manage software vulnerabilities and meet new regulatory standards, addressing functionality gaps of traditional vulnerability management tools primarily designed for use with Linux OS. Features include the ability to search and pinpoint vulnerable components, view Windows and Linux risk side by side in one UI, and tackle legacy vulnerability backlogs. The expansion comes as Microsoft vulnerabilities continue to plague organizations across the globe.

Lack of Windows-first vulnerability management tools

In a press release, Rezilion stated that a dearth of “Windows-first” tooling affects organizations’ ability to effectively manage vulnerabilities and comply with regulations such as the President’s Executive Order (EO) 14028, which requires teams to provide a thorough inventory of their software environments and related vulnerabilities. Gaps leave organizations with large, legacy Windows environments especially vulnerable to both attacks and regulatory non-compliance, the company added, particularly given the fact that 56% of software today is built for Windows OS.

According to Liran Tancman, CEO of Rezilion, organizations are increasingly realizing that their future security, risk, and compliance posture relies heavily on their ability to see further into their software supply chain. “A Dynamic SBOM that supports Windows environments widens the scope of possibility and gives the ability to a massive number of new customers to meet regulatory standards and detect and manage their software vulnerabilities strategically,” he added.

In July, Microsoft released its own open-source SBOM generation tool. The tech giant said this was an important step towards fostering collaboration and innovation which will enable more organizations to generate SBOMs as well as contribute to its development.

Microsoft vulnerabilities continue to threaten organizations

2021 was somewhat of a troubling security year for Microsoft with numerous vulnerabilities impacting several of its leading services including Active Directory, Exchange, and Azure. The same severity of security incidents has not come to light in 2022, but Microsoft vulnerabilities continue to threaten unpatched and unprepared organizations globally.

Microsoft’s latest Patch Tuesday security update highlighted four actively exploited Windows zero-day vulnerabilities including print spooler elevation of privilege and scripting language remote code execution exploits. These are CVE-2022-41073, CVE-2022-41125, CVE-2022-41128 and CVE-2022-41091.

Last month, a pair of newly discovered vulnerabilities highlighted the ongoing risks posed by Internet Explorer’s (IE’s) deep integration into the Windows ecosystem, despite Microsoft ending support for IE in June 2022. Discovered by the Varonis Threat Labs team, the exploits – dubbed LogCrusher and OverLog – affected an IE-specific Event Log that is present on all current Windows operating systems up to, but not including, Windows 11. Teams were urged to patch systems and monitor suspicious activity to mitigate security risks which include event log crashing and remote denial-of-service (DoS) attacks.

In September, researchers discovered attackers exploiting two unpatched vulnerabilities to remotely compromise on-premises Microsoft Exchange servers – CVE-2022-41040 and CVE-2022-41082. In August, Microsoft urged users to patch a high-severity, zero-day security vulnerability (CVE-2022-34713 or DogWalk), which allowed attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT).