Microsoft Defender Vulnerability Management Adds New CVE Reporting Feature
Microsoft Defender Vulnerability Management is getting a new update that allows IT Pros to gain insights about vulnerable software and devices. The new CVE reporting feature is currently available in public preview for all commercial customers.
For those unfamiliar, Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed software vulnerabilities. The Microsoft Defender Vulnerability Management solution allows IT admins to address critical vulnerabilities and configuration issues across their organization. It helps to reduce cybersecurity risks by providing assessment tools, asset visibility, and remediation solutions.
These capabilities are supported across all platforms (including macOS, Windows, Linux, iOS, and Android) and network devices. Microsoft Defender Vulnerability Management is available in preview for Microsoft Defender for Endpoint Plan 2 subscribers and E5 customers.
With this release, IT Pros can now view the CVEs by clicking the new “Weaknesses” tab in the Microsoft Defender Vulnerability Management portal. As shown in the screenshot below, the “Update Availability” column shows the availability status of security updates for each CVE on the Exposed devices and Related software tabs.
“This new feature will show security update availability information for each CVE and actively exclude software lacking updates from the recommendations tab. (Note: Before the introduction of this feature, CVEs missing security updates were not shown in the Defender Vulnerability Management portal. Once a customer enables this feature in public preview, these CVEs will be reported in the Inventory and Weaknesses pages.),” Microsoft explained.
Microsoft Defender Vulnerability Management gets updated Recommendations tab
In addition to the Weaknesses tab, Microsoft has also updated the “Recommendations” tab in the Microsoft Defender Vulnerability Management portal. This page will now show software and devices when security patches are available.
Last but not least, Microsoft has announced that the export software vulnerabilities assessment API now supports the new CVE reporting feature. It will show details about software that lack the required security updates. Let us know in the comments below if you think that these new capabilities will help you to protect your devices against cyberattacks.
More in Security
Slack Releases Fix for Critical Bug That Exposed Hashed Passwords for Years
Aug 8, 2022 | Rabia Noureen
Microsoft Defender Experts for Hunting Lets Businesses Proactively Hunt Security Threats
Aug 4, 2022 | Rabia Noureen
VMware Releases Updates to Address Critical Authentication Bypass Flaw
Aug 3, 2022 | Rabia Noureen
Microsoft Defender Gets New Security Tools Powered By RiskIQ's Threat Intelligence
Aug 2, 2022 | Rabia Noureen
Microsoft Exchange Servers Hit By Stealthy IIS Backdoors
Jul 27, 2022 | Rabia Noureen
Securing IoT with Azure Sphere
Jul 25, 2022 | John Lunn
Most popular on petri