Forum Discussion

mpellizzon
Copper Contributor
Mar 01, 2024

Python Update Recommendation Not Disappearing from Microsoft Vulnerability Management list

Hello,

Microsoft Defender Vulnerability Management is recommending to update Python in my Azure VM Machines since version 3.9 has some critical vulnerabilities.

We did the update to version 3.12 but only the Windows 2019 Datacenter machine is not appearing as Exposed Device anymore.

The procedure to update Python in all machines was the same but the Windows 2016 Datacenter VMs remain in the Exposed Device list.

Because Python relies on Anaconda, it is not possible to remove the older version completely. The strange thing is why the same procedure to update the software is apparently seen as different by Microsoft Defender Vulnerability Management.

Any advice is highly appreciated.

Thanks in advance

Mirella

3 Replies

  • Hi mpellizzon,

    Yes, you are correct, but the 2016 OS will require some additional basepacks, otherwise the patch will stay open. Better to upgrade the OS to the next stable, in your case Windows 2019, or open a support ticket with the MS Defender team to validate. There were a few issues in 3.9, not just one reason: CVE-2021-3737, CVE-2022-42919. Better if you can share which affect you. This requires careful evaluation. For example, in 2016 SVR, 3.12 has a vulnerability, CVE-2024-12254.

    • mpellizzon
      Copper Contributor

      Hello!

      Thanks for replying.

      After the latest Anaconda update, the entries are gone.

      Thanks

      Mirella
