The ITAM Roundup: 6/16/24
Kyndryl reportedly in talks to buy DXC Technology
Kyndryl is in discussions to potentially acquire DXC Technology, a move that could significantly impact IT infrastructure services. The acquisition talks, reportedly with Apollo Global's involvement, may see Kyndryl offering between $22 and $25 per share for DXC, driving up DXC's stock price. If successful, the deal could leverage Kyndryl's scale and expertise in mainframe modernization, contrasting with DXC's recent struggles and its exploration of selling its insurance software business under new leadership.
Evan Schuman
IBM dream to gobble up HashiCorp challenged in court
An investor has sued HashiCorp and its executives over IBM's proposed acquisition for $6.4 billion, alleging the deal primarily benefits company insiders rather than public shareholders. The lawsuit, filed in federal court, claims HashiCorp's board agreed to the acquisition to enrich themselves, omitting critical financial details in SEC filings. Despite initial legal action, the plaintiff's law firm has moved to dismiss the case abruptly, raising questions about the lawsuit's legitimacy and the involvement of the named shareholder.
Thomas Claburn
Oracle Java police start knocking on Fortune 200's doors for first time
Oracle has begun sending Java audit letters to Fortune 200 companies for the first time, following a shift to a per-employee licensing model introduced in January 2023. This change significantly impacts businesses previously using Java under different terms, potentially increasing costs two to five times. Industry experts like Craig Guarente advise companies to assess their Java usage carefully to avoid unnecessary payments and potential future cost escalations under long-term agreements with Oracle.
Lindsay Clark
Broadcom ends easy elasticity for VMware Cloud on AWS
Broadcom, which now owns VMware, has shifted VMware Cloud on AWS to a subscription-only model, ending the on-demand use of software licenses. This change eliminates the ability for customers to dynamically adjust resource usage as needed, now requiring a one-year subscription for new hosts instead of self-service provisioning. AWS has responded aggressively with migration promotions, highlighting concerns among IT leaders about the future of VMware under Broadcom's ownership and the impact on pricing and service flexibility.
Simon Sharwood
Copilot in SharePoint, Recall is Recalled, plus Karin Skapski Talks Automation: The Practical 365 Podcast S4 E21
In the latest Practical 365 podcast episode, Karin Skapski discusses automation using Copilot and upcoming features in SharePoint. Microsoft's Copilot+ PCs introduce controversial features like Windows Recall, which has been delayed amid security concerns and will undergo further review. The podcast also explores new capabilities for Copilot in Teams, including the introduction of customizable agents for enhancing productivity and collaboration.
Steve Goodman
IT leaders go small for purpose-built AI
In the latest insights, IT leaders are increasingly favoring small AI models over large ones like GPT-4, emphasizing cost-effectiveness and specialized functionality. Companies like Microsoft and Apple are launching small language models (SLMs) tailored for specific tasks, offering flexibility and lower deployment costs compared to LLMs. This trend highlights a shift towards purpose-built AI solutions that provide better control over data and address niche needs effectively, challenging the notion that bigger AI models are always superior.
Grant Gross
Visual Studio and Team Foundation Server End of Life
Microsoft Visual Studio Version 17.4 (LTSC channel) is reaching its end-of-life on July 11, 2024, prompting users to update installations to mitigate security risks. Visual Studio, a longstanding IDE since 1997, supports various editions and channels, including the Long-Term Servicing Channel (LTSC) for extended support. Additionally, Visual Studio Team Foundation Server (TFS), now Azure DevOps Server, provides tools for collaboration throughout application lifecycles, emphasizing the importance of staying updated to receive security patches and new features.
Esben Dochy
Microsoft delays Windows Recall amid privacy and security concerns
Microsoft has postponed the release of its AI-powered Windows Recall feature amid significant privacy and security concerns. Originally set for a public preview on Copilot+ PCs starting June 18, 2024, it will now debut first with Windows Insiders to gather feedback before wider release. Critics warn that Recall, which takes frequent screenshots analyzed by Azure AI, poses serious privacy risks despite Microsoft's assurances of encryption and opt-in features for security.
Microsoft Customers: Your Security Strategy Needs an Overhaul, Too
Microsoft faces criticism from the U.S. Cyber Safety Board, prompting a company-wide security overhaul. Analysts advise customers to bolster their security strategies with proactive measures like patch management and multi-factor authentication in response to recent vulnerabilities. Check out the guidance from Directions analysts Michael Cherry and Mary Jo Foley:
Mary Jo Foley
Microsoft warns Azure Tags could be targeted by hackers
Microsoft has revised its stance on Azure Service Tags, warning users that these tags could potentially be exploited by hackers to gain unauthorized access to cloud resources, despite initially stating they weren't meant for security purposes. The company acknowledged a vulnerability highlighted by cybersecurity researchers from Tenable, involving the misuse of Service Tags to impersonate trusted Azure services and bypass firewall rules. While Microsoft emphasized no real-world abuses have been detected yet, it advises users to implement additional security measures beyond Service Tags for network traffic authentication.
Sead Fadilpašić
CISA warns of Windows bug exploited in ransomware attacks
The U.S. CISA has flagged CVE-2024-26169, a high-severity Windows vulnerability exploited in ransomware attacks, allowing local attackers to gain SYSTEM permissions without user interaction. Microsoft patched the flaw on March 12, 2024, but it had been exploited by the Black Basta ransomware gang before the update. CISA mandated federal agencies to patch the vulnerability within three weeks to mitigate widespread ransomware threats, emphasizing its critical risk to organizational security.
