Starting Win10 1809 OpenSSH is pre-installed in Windows 10/11. But OpenSSH vulnerabilities like CVE-2023-38408 are not shown as exposed in the Defender console. Why is Windows w/ OpenSSH pre-installed not affected?

And how is it updated? As part of the monthly cumulative updates?