HomeWinBuzzer NewsMicrosoft Introduces Vulnerable Components Inventory in Defender Vulnerability Management

Microsoft Introduces Vulnerable Components Inventory in Defender Vulnerability Management

Microsoft Defender expanded with a feature listing vulnerable components like Log4j, simplifying identification and fixing of software security risks.

-

Microsoft has expanded its Microsoft Defender Vulnerability Management service by introducing a preview of the Vulnerable Components Inventory feature. The new feature provides a comprehensive list of software vulnerabilities within an organization, focusing on components such as the widely-utilized open-source Log4j and OpenSSL. It is designed to simplify the process of identifying and addressing potential security risks associated with outdated or compromised software.

Security and Management Enhanced

The inventory yields a detailed summary within the Defender portal, accessible through a “Vulnerable components” tab. IT professionals have access to data organized by component name and the vendor, the tally of identified vulnerabilities, and any associated active threats or alerts. Microsoft’s implementation acknowledges the increasing complexity of software ecosystems, where reliance on open-source packages and commercial third-party components has made vulnerability tracking more challenging for security teams.

Microsoft asserts that understanding such vulnerabilities is critical as they may be hidden within commonly used software. The addition of the Vulnerable Components Inventory aims to streamline the recognition and remediation process for security teams.

Future Development and Availability

While enriching the service experience, Microsoft also promises the continual expansion of the Vulnerable Components Inventory, aligning with an ever-changing threat landscape and customer feedback. Recently, components such as WebP and Apache Struts 2 have been integrated into the list.

There was no clear indication from Microsoft regarding whether the inventory feature will be incorporated as a standard for all users of the Microsoft Defender Vulnerability Management solution. In a previous standalone version of the service launched last year, users with Defender for Endpoint P2 licenses had to purchase an additional module to access full capabilities.

The announcement from Microsoft comes at a time of heightened attention to cybersecurity threats worldwide. With increasing incidents of data breaches and cyber-attacks, services like Microsoft Defender Vulnerability Management play a crucial role in the preemptive detection and mitigation of vulnerabilities that could be exploited by malicious actors.

In conclusion, Microsoft is enhancing its security portfolio by providing IT professionals with actionable security recommendations and a clearer view of the vulnerabilities in their organizations’ software components. The technology giant continues to adapt its offerings to meet the demands of a dynamic cybersecurity environment.

Last Updated on November 7, 2024 10:51 pm CET

SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.

Recent News

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
We would love to hear your opinion! Please comment below.x
()
x
Mastodon