Organizations can now apply Rezilion’s SBOM to Windows environments to manage software vulnerabilities and meet regulatory standards. Credit: Maximusnd / Getty Images Software security platform Rezilion has expanded its Dynamic Software Bill of Materials (SBOM) capability to support Windows environments. The firm said the move will provide organizations with the tools to efficiently manage software vulnerabilities and meet new regulatory standards, addressing functionality gaps of traditional vulnerability management tools primarily designed for use with Linux OS. Features include the ability to search and pinpoint vulnerable components, view Windows and Linux risk side by side in one UI, and tackle legacy vulnerability backlogs. The expansion comes as Microsoft vulnerabilities continue to plague organizations across the globe.Lack of Windows-first vulnerability management toolsIn a press release, Rezilion stated that a dearth of “Windows-first” tooling affects organizations’ ability to effectively manage vulnerabilities and comply with regulations such as the President’s Executive Order (EO) 14028, which requires teams to provide a thorough inventory of their software environments and related vulnerabilities. Gaps leave organizations with large, legacy Windows environments especially vulnerable to both attacks and regulatory non-compliance, the company added, particularly given the fact that 56% of software today is built for Windows OS.According to Liran Tancman, CEO of Rezilion, organizations are increasingly realizing that their future security, risk, and compliance posture relies heavily on their ability to see further into their software supply chain. “A Dynamic SBOM that supports Windows environments widens the scope of possibility and gives the ability to a massive number of new customers to meet regulatory standards and detect and manage their software vulnerabilities strategically,” he added.In July, Microsoft released its own open-source SBOM generation tool. The tech giant said this was an important step towards fostering collaboration and innovation which will enable more organizations to generate SBOMs as well as contribute to its development. Microsoft vulnerabilities continue to threaten organizations2021 was somewhat of a troubling security year for Microsoft with numerous vulnerabilities impacting several of its leading services including Active Directory, Exchange, and Azure. The same severity of security incidents has not come to light in 2022, but Microsoft vulnerabilities continue to threaten unpatched and unprepared organizations globally.Microsoft’s latest Patch Tuesday security update highlighted four actively exploited Windows zero-day vulnerabilities including print spooler elevation of privilege and scripting language remote code execution exploits. These are CVE-2022-41073, CVE-2022-41125, CVE-2022-41128 and CVE-2022-41091. Last month, a pair of newly discovered vulnerabilities highlighted the ongoing risks posed by Internet Explorer’s (IE’s) deep integration into the Windows ecosystem, despite Microsoft ending support for IE in June 2022. Discovered by the Varonis Threat Labs team, the exploits – dubbed LogCrusher and OverLog – affected an IE-specific Event Log that is present on all current Windows operating systems up to, but not including, Windows 11. Teams were urged to patch systems and monitor suspicious activity to mitigate security risks which include event log crashing and remote denial-of-service (DoS) attacks.In September, researchers discovered attackers exploiting two unpatched vulnerabilities to remotely compromise on-premises Microsoft Exchange servers – CVE-2022-41040 and CVE-2022-41082. In August, Microsoft urged users to patch a high-severity, zero-day security vulnerability (CVE-2022-34713 or DogWalk), which allowed attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). Related content news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities Security feature Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem. By Chris Hughes Sep 21, 2023 8 mins Zero Trust Threat and Vulnerability Management Security Practices news Insider risks are getting increasingly costly The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. By Jon Gold Sep 20, 2023 3 mins Budget Data and Information Security news US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000. By Michael Hill Sep 20, 2023 3 mins Insurance Industry Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe