New Blog | New at Secure: Enhanced Vulnerability Profiles and CVE Search within MDTI

Microsoft

The Microsoft Defender Threat Intelligence (MDTI) team revamped vulnerability profiles to improve customers’ ability to access world-class intelligence on vulnerabilities and exposures within the Defender XDR portal.

 

These exciting updates include:

  • A new layout that mirrors the design of our Threat Actor and Tool intel profiles for a more consistent experience
  • Vulnerability profiles sorted by published date by default in list view to display a steady feed of new, high-importance CVEs
  • The decoupling of Vulnerability Profiles from open-source Common Vulnerabilities and Exposures (CVEs) so customers can access all available information on vulnerabilities
  • An enhanced CVE search experience: searches will return all content related to a vulnerability instead of directing a user to a CVE information page.

These enhancements will provide a more intuitive experience for surfacing content related to CVEs, offering critical context on threats and information within alerts and incidents.

 

What are Vulnerability Profiles?

 

Vulnerability Profiles are MDTI’s newest intel profile type, launched at Microsoft Ignite in November. Building off our work to introduce intel profiles to MDTI, which has become the definitive source of Microsoft’s shareable knowledge on over 200 threat actors and 70 tools, MDTI now also contains over 75 extensive profiles of the CVEs deemed most critical and relevant by our dedicated security researchers.

 

Amid the many vulnerabilities teams must keep track of — old and new, with varying degrees of prominence and impact as threat actors adjust their techniques, tactics, and procedures (TTPs) — Vulnerability Profiles tilt the advantage back in favor of defenders by delivering focused, actionable insights and recommendations on how to protect against the most critical CVEs, based on information garnered from Microsoft’s 65 trillion threat signals per day.

 

By routinely visiting the “Vulnerabilities” tab on the Intel Profiles page in Defender XDR, customers will see a steady stream of new profiles, sorted by published date, covering the CVEs that Microsoft’s security researchers consider pressing. This keeps CISOs, Vulnerability Managers, SOC Analysts, and Cyber Threat Intelligence Analysts informed on these CVEs so they can prioritize detections, patch endpoints, and implement the other recommendations in their environment for the vulnerabilities most relevant to their organization.

 

Vulnerability Profiles are accessible from the “Intel profiles” page within the “Threat intelligence” blade in the left navigation. See these profiles by clicking on the “Vulnerabilities” tab:

 


Vulnerability Profiles are accessible from the “Vulnerabilities” tab on the Intel Profiles page, which is contained under the threat intelligence blade in the left navigation.

 

On the Vulnerability Profiles list view, the “Profile” column displays the CVE number, title, and summary of the profile, and the right-most column displays the published date, indicating how recently Microsoft wrote about the vulnerability. Under the “Intelligence” column, customers will see priority and CVSS scores as well as indications of active exploitation (“Active exploitation observed”), dark web chatter (“Chatter Observed”), and available public proof-of-concept exploits (“POC Available”, “1 Published POC”) for these vulnerabilities.

 

Vulnerability Profiles are decorated with proprietary information from Microsoft’s own research and telemetry that can only be found in our intel profiles. This includes original research such as observations of active exploitation in the wild; detailed analysis of the methods used to exploit these CVEs by malicious actors; detections and Advanced Hunting queries that will indicate or alert on related activity in an organization’s network; and recommendations to protect against the threat.

 

Read the full post here: New at Secure: Enhanced Vulnerability Profiles and CVE Search within MDTI - Microsoft Tech Community 
