Merge pull request #1450 from MicrosoftDocs/main

Publish main to live, Tuesday 10:30 AM PST, 09/24

Author: padmagit77

defender-endpoint/gov.md

@@ -7,7 +7,7 @@ ms.author: deniseb
 author: denisebmsft
 ms.reviewer: jesquive
 ms.localizationpriority: medium
-ms.date: 05/08/2024
+ms.date: 09/24/2024
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -182,6 +182,8 @@ These are the features and known gaps for [Mobile Threat Defense (Microsoft Defe
 
 > [!NOTE]
 >
-> <sup>1</sup> The Defender Vulnerability Management Report inaccuracy functionality is not available for GCC, GCC High and DoD customers.
+> <sup>1</sup> The following Defender Vulnerability Management functionality is not available for GCC, GCC High and DoD customers:
+> - Report inaccuracy
+> - Request CVE support
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-vulnerability-management/fixed-reported-inaccuracies.md

@@ -13,7 +13,7 @@ ms.collection:
   - tier2
 ms.localizationpriority: medium
 ms.topic: troubleshooting
-ms.date: 07/02/2024
+ms.date: 09/19/2024
 ---
 
 # Vulnerability support in Microsoft Defender Vulnerability Management
@@ -42,6 +42,8 @@ The following tables present the relevant vulnerability information organized by
 | 61457 | Fixed inaccurate detections in Mozilla Firefox | 03-Sept-24 |
 | - | Fixed inaccuracy in Microsoft Visual Studio 2015 | 03-Sept-24 |
 | - | Fixed inaccurate detections in Microsoft Teams by excluding downloads file path | 08-Sept-24 |
+| - | Fixed inaccuracy in Suse Kernel-Default-Devel | 09-Sept-24 |
+| 73287 | Fixed inaccuracy in CVE-2024-2800 | 09-Sept-24 |
 | - | Fixed inaccuracy in Python vulnerability - CVE-2024-7592 | 10-Sept-24 |
 | 54061 | Defender Vulnerability Management doesn't currently support Flock | 10-Sept-24 |
 | 68097 | Fixed inaccuracy in OpenSSL vulnerabilities - CVE-2024-4603, CVE-2024-4741 & CVE-2024-5535 | 10-Sept-24 |
@@ -54,6 +56,10 @@ The following tables present the relevant vulnerability information organized by
 | 71626 | Fixed inaccuracy in MongoDB vulnerability - CVE-2024-7553 | 10-Sept-24 |
 | - | Fixed inaccuracy in Cisco Anyconnect Secure Mobility Client vulnerabilities - CVE-2023-20241 & CVE-2023-20240 | 10-Sept-24 |
 | - | Fixed inaccuracy in Plantronics vulnerability - CVE-2024-27460 | 10-Sept-24 |
+| 72402 | Fixed inaccurate detections in FileZilla by excluding server.app path | 10-Sept-24 |
+| - | Added Microsoft Defender Vulnerability Management support to Kusto Explorer | 11-Sept-24 |
+| - | Fixed bad detections in Greenshot | 11-Sept-24 |
+| 71056 | Fixed inaccuracy in ExpressVPN | 11-Sept-24 |
 
 
 ## August 2024

defender-vulnerability-management/tvm-weaknesses.md

@@ -12,7 +12,7 @@ ms.collection:
   - Tier1
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 07/31/2024
+ms.date: 09/24/2024
 ---
 
 # Vulnerabilities in my organization
@@ -81,7 +81,7 @@ If you select a CVE from the weaknesses page, a flyout panel opens with more inf
 
 For each CVE, you can see a list of the exposed devices and the affected software.
 
-## Exploit Prediction Scoring System (EPSS) 
+## Exploit Prediction Scoring System (EPSS)
 
 The Exploit Prediction Scoring System (EPSS) generates a data-driven score for the probability of a known software vulnerability being exploited in the wild. EPSS uses current threat information from the CVE and real-world exploit data. For each CVE, the EPSS model produces a probability score between 0 and 1 (0% and 100%). The higher the score, the greater the probability that a vulnerability will be exploited. Learn more about [EPSS](https://www.first.org/epss/). 
 
@@ -96,7 +96,7 @@ When the EPSS is greater than 0.9, the **Threats** column tooltip is updated wit
    :::image type="content" source="/defender/media/defender-vulnerability-management/tvm-weaknesses-epss-tip.png" alt-text="Screenshot of the weaknesses epss score in the threat tooltip." lightbox="/defender/media/defender-vulnerability-management/tvm-weaknesses-epss-tip.png":::
 
 > [!NOTE]
- > Note that if the EPSS score is smaller than 0.001, it’s considered to be 0. 
+> Note that if the EPSS score is smaller than 0.001, it’s considered to be 0. 
 
 You can use the [Vulnerability API](/defender-endpoint/api/vulnerability) to see the EPSS score. 
 
@@ -126,17 +126,20 @@ You can request for support to be added to Defender Vulnerability Management for
 1. Select the CVE from the [Weaknesses](https://security.microsoft.com/vulnerabilities/cves) page in the Microsoft Defender portal
 2. Select **Please support this CVE** from the Vulnerability details tab
 
-The request is sent to Microsoft and will assist us in prioritizing this CVE among others in our system.
+   The request is sent to Microsoft and will assist us in prioritizing this CVE among others in our system.
 
-:::image type="content" alt-text="Weakness flyout with support CVE button example." source="/defender/media/defender-vulnerability-management/weaknesses-support-cve.png" lightbox="/defender/media/defender-vulnerability-management/weaknesses-support-cve.png":::
+   > [!NOTE]
+   > Request CVE support functionality is not available for GCC, GCC High and DoD customers.
+
+   :::image type="content" alt-text="Weakness flyout with support CVE button example." source="/defender/media/defender-vulnerability-management/weaknesses-support-cve.png" lightbox="/defender/media/defender-vulnerability-management/weaknesses-support-cve.png":::
 
 ## View Common Vulnerabilities and Exposures (CVE) entries in other places
 
 ### Top vulnerable software in the dashboard
 
 1. Go to the [Defender Vulnerability Management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You'll see the number of vulnerabilities found in each software, along with threat information and a high-level view of device exposure over time.
 
-:::image type="content" alt-text="Top vulnerable software card." source="/defender/media/defender-vulnerability-management/tvm-top-vulnerable-software500.png" lightbox="/defender/media/defender-vulnerability-management/tvm-top-vulnerable-software500.png":::
+   :::image type="content" alt-text="Top vulnerable software card." source="/defender/media/defender-vulnerability-management/tvm-top-vulnerable-software500.png" lightbox="/defender/media/defender-vulnerability-management/tvm-top-vulnerable-software500.png":::
 
 2. Select the software you want to investigate.
 3. Select the **Discovered vulnerabilities** tab.
@@ -161,9 +164,9 @@ To see the detection logic:
 2. Select **Open device page** and select **Discovered vulnerabilities** from the device page.
 3. Select the vulnerability you want to investigate.
 
-A flyout opens and the **Detection logic** section shows the detection logic and source.
+   A flyout opens and the **Detection logic** section shows the detection logic and source.
 
-:::image type="content" alt-text="Detection Logic example that lists the software detected on the device and the KBs." source="/defender/media/defender-vulnerability-management/tvm-cve-detection-logic.png":::
+   :::image type="content" alt-text="Detection Logic example that lists the software detected on the device and the KBs." source="/defender/media/defender-vulnerability-management/tvm-cve-detection-logic.png":::
 
 The "OS Feature" category is also shown in relevant scenarios. This is when a CVE would affect devices that run a vulnerable OS if a specific OS component is enabled. For example, if Windows Server 2019 or Windows Server 2022 has vulnerability in its DNS component we only attach this CVE to the Windows Server 2019 and Windows Server 2022 devices with the DNS capability enabled in their OS.
 
@@ -177,7 +180,7 @@ Report a false positive when you see any vague, inaccurate, or incomplete inform
 4. Fill in the requested details about the inaccuracy. This varies depending on the issue you're reporting.
 5. Select **Submit**. Your feedback is immediately sent to the Microsoft Defender Vulnerability Management experts.
 
-:::image type="content" alt-text="Report inaccuracy options." source="/defender/media/defender-vulnerability-management/report-inaccuracy-software.png" lightbox="/defender/media/defender-vulnerability-management/report-inaccuracy-software.png":::
+   :::image type="content" alt-text="Report inaccuracy options." source="/defender/media/defender-vulnerability-management/report-inaccuracy-software.png" lightbox="/defender/media/defender-vulnerability-management/report-inaccuracy-software.png":::
 
 ## Related articles
 

defender-xdr/copilot-in-defender-device-summary.md

@@ -53,7 +53,7 @@ You can access the device summary capability through the following ways:
 
    :::image type="content" source="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-device-page-small.png" alt-text="Screenshot of the device summary results in Copilot in Defender." lightbox="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-device-page.png":::
 
-- From an incident page, you can choose a device on the incident graph and then select **Device details** (1). On the device pane, select **Summarize** (2) to generate the device summary. The summary is displayed in the Copilot pane.
+- From an incident page, you can choose a device on the incident graph and then (1) select **Device details**. On the device pane, (2) select **Summarize** to generate the device summary. The summary is displayed in the Copilot pane.
 
    :::image type="content" source="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-device-page-small.png" alt-text="Screenshot highlighting the steps to access the device summary in an incident page in Copilot in Defender." lightbox="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-device-page-small.png":::
 

defender-xdr/security-copilot-defender-identity-summary.md

@@ -51,21 +51,21 @@ You can access the identity summary capability in the following ways:
 
 - From an incident page, choose an identity on the incident graph and then (1) select **User details**. In the user details pane, (2) select **Summarize**. The results are displayed in the Copilot side panel.
 
-   :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-incident-graph-small.png" alt-text="Screenshot showing the Summarize option in the user details pane." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-incident-graph.png":::
+   :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-summary-incident-small.png" alt-text="Screenshot showing the Summarize option in the user details pane." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-summary-incident.png":::
 
 - Alternatively, you can select **Go to user page** on the bottom of the user details pane to open the user page. Copilot automatically generates the identity summary and displays the side panel upon opening the user page.
 
 - You can also access the identity summary capability by choosing a user in the **Assets** tab of an incident. Select **Summarize** in the user details pane to generate the identity summary.
 
-   :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-assets-small.png" alt-text="Screenshot showing the Assets tab and a user account highlighted." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-assets.png":::
+   :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-summary-assets-small.png" alt-text="Screenshot showing the Assets tab and a user account highlighted." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-summary-assets.png":::
 
 - In an alert page, select a user then select **Summarize** in the user details pane to generate the identity summary.
 
 - In the advanced hunting page, you can access the identity summary capability by selecting a user in the results table, then selecting the link to the user page. Copilot automatically generates the identity summary and displays the side panel upon opening the user page.
 
 - From the main menu, navigate to **Assets > Identities**. Select a username from the list, then select **View user page** to open the user page. Copilot automatically generates the identity summary and displays the side panel upon opening the user page.
 
-   :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-identities-small.png" alt-text="Screenshot highlighting the view user page option in an username search within Identities." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-identities.png":::
+   :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-summary-viewuser-small.png" alt-text="Screenshot highlighting the view user page option in an username search within Identities." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-summary-viewuser.png":::
 
 - Type a username in the Microsoft Defender portal’s **search box** then select the username from the search results. In the user details side panel, select **Summarize** to generate the identity summary.