Operations | Monitoring | ITSM | DevOps | Cloud

Mozilla releases Firefox 1.45, fixing 16 vulnerabilities, while the older ESR version 15.30 addresses four. Adobe updates critical vulnerabilities in InDesign, Photoshop, and Illustrator. Microsoft also updates various Office versions, tackling critical vulnerabilities and known issues in SharePoint and SQL Server. This month sees a decrease in overall vulnerabilities, emphasizing the importance of keeping applications updated.

Servicing stack updates for Server 2008 and 2012 require users to remain current to avoid operational impacts. Development tools also receive necessary updates, prompting action from development and operations teams. Key updates for Azure Monitor and Microsoft Visual Studio emphasize the importance of team engagement. The content also addresses the end of life for certain services, highlighting the need for awareness and preparation.

CVE 2025-11561 affects Red Hat Linux and other distributions, requiring configuration of the Kross local authentication plugin for mitigation. Linux updates differ by vendor, with some delays in addressing vulnerabilities. A VMware tools vulnerability is actively exploited, prompting a recommendation to upgrade to a supported Linux version. Additionally, CVE 2025-58438 presents a traversal vulnerability in Python libraries on both Windows and Linux, resolved by upgrading to version 5.5.0.1.

Microsoft has identified a zero-day vulnerability in the Windows kernel, rated 7.0 on the CVSS scale. Organizations often misprioritize vulnerabilities, focusing on high-severity scores instead of those actively exploited. Many lower-severity vulnerabilities are chained by attackers. A risk-based approach to vulnerability management is crucial. Current Windows OS versions are affected, and organizations should consider Extended Security Updates to mitigate risks as more zero days are anticipated.

Cisco has identified a new attack variant targeting firewalls, highlighting the need for user education on vulnerabilities. A vulnerability discovered on November 5th affects nearly 50,000 devices, with many still at risk as of September 30th. Organizations struggle to expedite updates due to complex configurations and implementation challenges. Recent research indicates that network edge devices are prime targets for zero-day vulnerabilities, emphasizing the need for improved security measures.

Whether your organization’s mobile ecosystem consists of bring-your-own devices (BYODs) or corporate-owned devices, the Android operating system is likely part of the mix and has implications on IT and security. Explore some of the latest productivity-boosting tools to help admins automate routine tasks and provide secure, available and accessible mobility for end users of Android.

In this in-depth interview with Steve Thornton, Head of Service Delivery at Gilbert+Tobin Steve reveals how the Service Desk cut the time to resolve issues, increased employee satisfaction and adopted a shift-left approach with improved career opportunities within the service desk – all with the aid of automation bots via Ivanti Neurons. Listen to how Gilbert+Tobin.

The UK introduces a cybersecurity bill that enforces stricter regulations for critical infrastructure. As threat actors become more aggressive and utilize AI for advanced attacks, the legislation mandates organizations to respond quickly to incidents. Vendors must notify authorities within 24 hours, and emergency powers are created to improve cybersecurity responses. The emphasis is now on managing exposure in vulnerability practices.

Key Takeaways November 2025 marks the first month of the Windows 10 Extended Security Updates program. If you are planning to run Windows 10 for an extended period, ensure you have upgraded to Windows 10 version 22H2. The Windows OS update is the highest priority this month as it resolves a known exploited CVE (CVE-2025-62215). Third-party updates from Adobe and Mozilla have already been released and an update for Google Chrome is expected soon, which means Edge will also need an update. November Patch Tuesday is the first Patch Tuesday after the EoL of Windows 10.

A Chrome vulnerability is identified, allowing for remote code execution. Mozilla updates Firefox and Thunderbird to fix vulnerabilities. Adobe addresses critical issues in Bridge, Animate, and Illustrator. Microsoft resolves multiple vulnerabilities in Windows 10 and 11, along with updates for Office 2016 and 2019. Exchange Server updates are released, with no known exploits, and the T Net framework receives a rare update for an encryption vulnerability.

Ivanti’s 2025 DEX report reveals a surprising disconnect: While IT leaders strongly believe in DEX, its adoption and impact are plateauing across industries. Join us for a thought-provoking webinar with Ivanti’s Mariah Shotts, along with special guest and AI expert Rob May. We’ll unpack findings from our global survey of 3,300 IT professionals and office workers, revealing: Whether you’re just beginning your DEX journey or looking to optimize your existing program, this session will help you benchmark your progress, close critical gaps and chart a future-proof strategy.

Updates focus on security and non-security improvements across various software, including Chrome, Firefox, and Apple operating systems. Chrome addresses multiple vulnerabilities, while Green Shot introduces new management features. Firefox and Safari receive regular updates for security issues, and Apple makes significant changes in its operating system versioning. Office applications like Excel also see updates targeting vulnerabilities, showcasing a proactive approach to software security.

ivanti.com/itsm-automation Unlock the secrets to successful Agentic AI deployment and widespread AI adoption in your organization with insights from Scott Hughes, SVP of Revenue Operations and Corporate IT at Ivanti. This video explores why IT-business alignment is critical, the importance of high-quality data, and how legacy infrastructure poses challenges for effective AI integration. Key insights.

The platform provides features for member access, defining roles and permissions that guide user capabilities. Device management is regulated through scopes, which control visibility and actions on devices. Future enhancements will include object level ownership to improve policy management. Scopes also influence reporting, determining device visibility and compliance assessment, highlighting potential broader impacts beyond immediate access.