Track, manage, and remediate Windows vulnerabilities faster with the new CVE report in Autopatch.
Key Takeaways:
Microsoft has introduced a new Common Vulnerabilities and Exposures (CVE) reporting feature within Windows Autopatch. This new capability provides security teams a unified view of Windows vulnerabilities that recent quality updates have addressed, with device-specific vulnerability tracking.
In Windows Autopatch, the new CVEs report allows security teams to quickly determine which vulnerabilities have been resolved and identify devices that remain at risk. This feature consolidates this information with other Windows update information to support proactive planning, ensure regulatory compliance, and strengthen overall security posture.
The new CVE report in Windows Autopatch offers several features to simplify vulnerability management. It provides a complete list of CVEs addressed in the last 90 days, including severity scores and exploitation status, and tracks patch compliance down to individual devices with details like names and OS versions.
Additionally, security teams can access direct links to KB articles for remediation guidance, apply filters by CVE or severity, and export data for offline analysis. This report refreshes information to ensure near real-time visibility, and help IT teams stay ahead of security risks.

To access the new CVEs report in Windows Autopatch, administrators will need to follow the steps mentioned below:
This new Windows Autopatch report includes detailed columns such as CVE identifiers, CVSS Base Score, exploitation status, release information with KB article links, and publication dates. It also shows how many devices are missing the relevant updates, with the ability to drill down to specific device names and operating system versions for remediation.
To strengthen vulnerability response, organizations can leverage several strategies once at-risk devices are identified. These include using the Windows Autopatch update readiness feature to ensure smooth update processing, accelerating patch deployment through Microsoft Intune or Microsoft Graph, and applying targeted fixes with the Security Copilot Vulnerability Remediation Agent.