From 882f77d0100f5dc96d1381bffb93bd78e9549f8e Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Thu, 5 Nov 2020 08:40:20 -0800 Subject: [PATCH] new zero day topic --- windows/security/threat-protection/TOC.md | 1 + .../tvm-zero-day-vulnerabilities.md | 70 +++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index c2913b23a2..952895dc9c 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -64,6 +64,7 @@ ##### [Address security recommendations](microsoft-defender-atp/tvm-security-recommendation.md) ##### [Remediate vulnerabilities](microsoft-defender-atp/tvm-remediation.md) ##### [Exceptions for security recommendations](microsoft-defender-atp/tvm-exception.md) +##### [Mitigate zero-day vulnerabilities](microsoft-defender-atp/tvm-zero-day-vulnerabilities.md) ##### [Plan for end-of-support software](microsoft-defender-atp/tvm-end-of-support-software.md) #### [Understand vulnerabilities on your devices]() ##### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md new file mode 100644 index 0000000000..361ba702bc --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md 
@@ -0,0 +1,70 @@ +--- +title: Mitigate zero-day vulnerabilities - threat and vulnerability management +description: A report showing vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. +keywords: mdatp-tvm vulnerable devices, mdatp, tvm, reduce threat & vulnerability exposure, reduce threat and vulnerability, monitor security configuration +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: ellevin +author: levinec +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint +ms.topic: article +--- + +# Mitigate zero-day vulnerabilities - threat and vulnerability management + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) + +A zero-day vulnerability is a publicly disclosed vulnerability for which no official patches or security updates have been released. Zero-day vulnerabilities often have high severity levels and are actively exploited. + +Once a zero-day vulnerability has been found, information about it will be conveyed through the following experiences in the Microsoft Defender Security Center: + +## Threat and vulnerability management dashboard + +Find recommendations with a zero-day tag in the “Top security recommendation” card. + +## Weaknesses page + +Find the named zero-day vulnerability along with a description and details. 
+ +- If this vulnerability has a CVE-ID assigned, you’ll see the zero-day label next to the CVE name. + +- If this vulnerability has no CVE-ID assigned, you will find it under an internal, temporary name that looks like “TVM-XXXX-XXXX”. The name will be updated once an official CVE-ID has been assigned, but the previous internal name will still be searchable and found in the side-panel. + +## Software inventory page + +Find software with the zero-day tag. + +## Software page + +Find a zero-day tag for each software that has been affected by the zero–day vulnerability. + +## Security recommendations page + +Clear suggestions regarding remediation and mitigation options, including workarounds if exist. + +When there is an application with associated zero-day vulnerability and additional vulnerabilities to address , you will get one recommendation regarding both. + +When a patch is released for the zero-day, the recommendation will be changed to “Update” and a blue label next to it that says “New security update for zero day.” + +![One graph of current vulnerable devices by Windows 10 version, and one graph showing vulnerable devices by Windows 10 version over time.](images/tvm-report-version.png) + +## Related topics + +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) +- [Security recommendations](tvm-security-recommendation.md)
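Review bot: The front matter of tvm-zero-day-vulnerabilities.md describes a different topic than the article. `description: A report showing vulnerable device trends and current statistics.` and the `keywords` line about vulnerable devices appear to be carried over from a report page, and the description also has "breath" where "breadth" is meant. Suggest rewriting both so the page metadata and search terms refer to zero-day vulnerabilities. The image near the end has the same problem: `images/tvm-report-version.png`, with alt text about graphs of vulnerable devices by Windows 10 version, does not illustrate the "New security update for zero day" label described in the paragraph above it, so either swap in a screenshot of the zero-day tag or drop the image. Smaller wording points in the body: "workarounds if exist" should read "workarounds if they exist", there is a stray space before the comma in "to address , you", and "zero–day" in the Software page section uses an en dash where the rest of the page uses a hyphen.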