Operations | Monitoring | ITSM | DevOps | Cloud

RFP processes involve more than just pricing; they emphasize support, customer service, and partnership. Companies evaluate solutions by considering features and integration. Ivanti stands out by offering comprehensive solutions that adapt to business needs, prioritizing client feedback and future planning to build strong partnerships.

Mozilla releases Firefox 1.45, fixing 16 vulnerabilities, while the older ESR version 15.30 addresses four. Adobe updates critical vulnerabilities in InDesign, Photoshop, and Illustrator. Microsoft also updates various Office versions, tackling critical vulnerabilities and known issues in SharePoint and SQL Server. This month sees a decrease in overall vulnerabilities, emphasizing the importance of keeping applications updated.

Servicing stack updates for Server 2008 and 2012 require users to remain current to avoid operational impacts. Development tools also receive necessary updates, prompting action from development and operations teams. Key updates for Azure Monitor and Microsoft Visual Studio emphasize the importance of team engagement. The content also addresses the end of life for certain services, highlighting the need for awareness and preparation.

CVE 2025-11561 affects Red Hat Linux and other distributions, requiring configuration of the Kross local authentication plugin for mitigation. Linux updates differ by vendor, with some delays in addressing vulnerabilities. A VMware tools vulnerability is actively exploited, prompting a recommendation to upgrade to a supported Linux version. Additionally, CVE 2025-58438 presents a traversal vulnerability in Python libraries on both Windows and Linux, resolved by upgrading to version 5.5.0.1.

Microsoft has identified a zero-day vulnerability in the Windows kernel, rated 7.0 on the CVSS scale. Organizations often misprioritize vulnerabilities, focusing on high-severity scores instead of those actively exploited. Many lower-severity vulnerabilities are chained by attackers. A risk-based approach to vulnerability management is crucial. Current Windows OS versions are affected, and organizations should consider Extended Security Updates to mitigate risks as more zero days are anticipated.

Cisco has identified a new attack variant targeting firewalls, highlighting the need for user education on vulnerabilities. A vulnerability discovered on November 5th affects nearly 50,000 devices, with many still at risk as of September 30th. Organizations struggle to expedite updates due to complex configurations and implementation challenges. Recent research indicates that network edge devices are prime targets for zero-day vulnerabilities, emphasizing the need for improved security measures.

Whether your organization’s mobile ecosystem consists of bring-your-own devices (BYODs) or corporate-owned devices, the Android operating system is likely part of the mix and has implications on IT and security. Explore some of the latest productivity-boosting tools to help admins automate routine tasks and provide secure, available and accessible mobility for end users of Android.

In this in-depth interview with Steve Thornton, Head of Service Delivery at Gilbert+Tobin Steve reveals how the Service Desk cut the time to resolve issues, increased employee satisfaction and adopted a shift-left approach with improved career opportunities within the service desk – all with the aid of automation bots via Ivanti Neurons. Listen to how Gilbert+Tobin.

The UK introduces a cybersecurity bill that enforces stricter regulations for critical infrastructure. As threat actors become more aggressive and utilize AI for advanced attacks, the legislation mandates organizations to respond quickly to incidents. Vendors must notify authorities within 24 hours, and emergency powers are created to improve cybersecurity responses. The emphasis is now on managing exposure in vulnerability practices.

Key Takeaways November 2025 marks the first month of the Windows 10 Extended Security Updates program. If you are planning to run Windows 10 for an extended period, ensure you have upgraded to Windows 10 version 22H2. The Windows OS update is the highest priority this month as it resolves a known exploited CVE (CVE-2025-62215). Third-party updates from Adobe and Mozilla have already been released and an update for Google Chrome is expected soon, which means Edge will also need an update. November Patch Tuesday is the first Patch Tuesday after the EoL of Windows 10.