Microsoft Defender Vulnerability Management is getting a new update that allows IT Pros to gain insights about vulnerable software and devices. The new CVE reporting feature is currently available in public preview for all commercial customers.
For those unfamiliar, Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed software vulnerabilities. The Microsoft Defender Vulnerability Management solution allows IT admins to address critical vulnerabilities and configuration issues across their organization. It helps to reduce cybersecurity risks by providing assessment tools, asset visibility, and remediation solutions.
These capabilities are supported across all platforms (including macOS, Windows, Linux, iOS, and Android) and network devices. Microsoft Defender Vulnerability Management is available in preview for Microsoft Defender for Endpoint Plan 2 subscribers and E5 customers.
With this release, IT Pros can now view the CVEs by clicking the new “Weaknesses” tab in the Microsoft Defender Vulnerability Management portal. As shown in the screenshot below, the “Update Availability” column shows the availability status of security updates for each CVE on the Exposed devices and Related software tabs.
“This new feature will show security update availability information for each CVE and actively exclude software lacking updates from the recommendations tab. (Note: Before the introduction of this feature, CVEs missing security updates were not shown in the Defender Vulnerability Management portal. Once a customer enables this feature in public preview, these CVEs will be reported in the Inventory and Weaknesses pages.),” Microsoft explained.
Microsoft Defender Vulnerability Management gets updated Recommendations tab
In addition to the Weaknesses tab, Microsoft has also updated the “Recommendations” tab in the Microsoft Defender Vulnerability Management portal. This page will now show software and devices when security patches are available.
Last but not least, Microsoft has announced that the export software vulnerabilities assessment API now supports the new CVE reporting feature. It will show details about software that lack the required security updates. Let us know in the comments below if you think that these new capabilities will help you to protect your devices against cyberattacks.