deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
Thomas Raya 9141a8fb93
Merge pull request #1479 from MicrosoftDocs/TVMRBACOctUpd8 
TVM RBAC Oct update
2019-11-01 08:07:07 -07:00

8.9 KiB
Raw Blame History

title, description, keywords, search.product, search.appverid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic, ms.date
title description keywords search.product search.appverid ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.author author ms.localizationpriority manager audience ms.collection ms.topic ms.date
Weaknesses The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, breach, and threat insights. mdatp threat & vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm eADQiWindows 10XVcnh met150 w10 deploy library security dolmont DulceMontemayor medium dansimp ITPro M365-security-compliance conceptual 10/31/2019

Weaknesses

Applies to:

[!includePrerelease information]

Threat & Vulnerability Management leverages the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities.

The Weaknesses page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, corresponding breach, and threat insights.

Important

To boost your vulnerability assessment detection rates, you can download the following mandatory security updates and deploy them in your network:

Downloading the above-mentioned security updates will be mandatory starting Patch Tuesday, October 8, 2019.

Navigate through your organization's weaknesses page

You can access the list of vulnerabilities in a few places in the portal:

  • Global search
  • Weaknesses option in the navigation menu
  • Top vulnerable software widget in the dashboard
  • Discovered vulnerabilities page in the machine page

Vulnerabilities in global search

  1. Click the global search drop-down menu.
  2. Select Vulnerability and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then click the search icon. The Weaknesses page opens with the CVE information that you are looking for. tvm-vuln-globalsearch
  3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates.

Note

To see the rest of the vulnerabilities in the Weaknesses page, type CVE, then click search.

Weaknesses page in the menu

  1. Go to the Threat & Vulnerability Management navigation menu and select Weaknesses to open up the list of vulnerabilities found in your organization.
  2. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, dates when it was published and updated, related software, exploit kits available, vulnerability type, link to useful reference, and number of exposed machines which users can also export.
    Screenshot of the CVE details in the flyout pane in the Weaknesses page

Top vulnerable software widget in the dashboard

  1. Go to the Threat & Vulnerability Management dashboard and scroll down to the Top vulnerable software widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time. tvm-top-vulnerable-software
  2. Click the software that you want to investigate and it takes you to the software page. You will see the weaknesses found in your machine per severity level, in which machines are they installed, version distribution, and the corresponding security recommendation.
  3. Select the Discovered vulnerabilities tab.
  4. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.

Discovered vulnerabilities in the machine page

  1. Go to the left-hand navigation menu bar, then select the machine icon. The Machines list page opens.
    Screenshot of Machines list page
  2. In the Machines list page, select the machine that you want to investigate.
    Screenshot of machine list with selected machine to investigate

    A flyout pane opens with machine details and response action options.
    Screenshot of the flyout pane with machine details and response options
  3. In the flyout pane, select Open machine page. A page opens with details and response options for the machine you want to investigate.
    Screenshot of the machine page with details and response options
  4. Select Discovered vulnerabilities.
  5. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.

How it works

When new vulnerabilities are released, you would want to know how many of your assets are exposed. You can see the list of vulnerabilities and the details in the Weaknesses page.

If the Exposed Machines column shows 0, that means you are not at risk.

If exposed machines exist, that means you need to remediate the vulnerabilities in those machines because they put the rest of your assets and your organization at risk.

You can also see the related alert and threat insights in the Threat column.

The breach insights icon is highlighted if there is a vulnerability found in your organization. Prioritize an investigation because it means there might be a breach in your organization.

tvm-breach-insights

The threat insights icons are highlighted if there are associated exploits in the vulnerability found in your organization. It also shows whether the threat is a part of an exploit kit, connected to specific advanced persistent campaigns or activity groups for which, Threat Analytics report links are provided that you can read, has zero-day exploitation news, disclosures, or related security advisories.

tvm-threat-insights

Note

Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight threat insight icon and breach insight possible active alert icon.

Report inaccuracy

You can report a false positive when you see any vague, inaccurate, missing, or already remediated vulnerability information in the machine page.

  1. Select the Discovered vulnerabilities tab.

  2. Click : beside the vulnerability that you want to report about, and then select Report inaccuracy. Screenshot of Report inaccuracy control from the machine page in the Discovered vulnerabilities tab
    A flyout pane opens.
    Screenshot of Report inaccuracy flyout pane

  3. From the flyout pane, select the inaccuracy category from the Discovered vulnerability inaccuracy reason drop-down menu.
    Screenshot of discovered vulnerability inaccuracy reason drop-down menu

  4. Include your email address so Microsoft can send you feedback regarding the inaccuracy you reported.

  5. Include your machine name for investigation context.

Note

You can also provide details regarding the inaccuracy you reported in the Tell us more (optional) field to give the threat and vulnerability management investigators context.

  1. Click Submit. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context.

Related topics