Vulnerabilities in my organization - threat and vulnerability management

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

Threat and vulnerability management uses the same signals that Defender for Endpoint's endpoint protection uses to scan for and detect vulnerabilities.

The Weaknesses page lists the software vulnerabilities your devices are exposed to, keyed by Common Vulnerabilities and Exposures (CVE) ID. For each entry you can also view the severity, the Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, the corresponding breach and threat insights, and more.

Note

If no official CVE-ID has been assigned to a vulnerability, threat and vulnerability management assigns the vulnerability name itself.

Tip

To get emails about new vulnerability events, see Configure vulnerability email notifications in Microsoft Defender for Endpoint.

You can access the Weaknesses page in a few different ways:

  • Select Weaknesses from the threat and vulnerability management navigation menu in the Microsoft Defender Security Center
  • Use global search

Navigation menu

Go to the threat and vulnerability management navigation menu and select Weaknesses to open the list of CVEs.

Vulnerabilities in global search

  1. Go to the global search drop-down menu.
  2. Select Vulnerability, key in the Common Vulnerabilities and Exposures (CVE) ID you're looking for, then select the search icon. The Weaknesses page opens with the information for that CVE.
  3. Select the CVE to open a flyout panel with more information, including the vulnerability description, details, threat insights, and exposed devices.

To see the rest of the vulnerabilities in the Weaknesses page, type CVE, then select search.

Weaknesses overview

Remediate the vulnerabilities in exposed devices to reduce the risk to your assets and organization. If the Exposed Devices column shows 0, that means you aren't at risk from that CVE. Note that a count of 0 is different from "Not available": CVEs for software that threat and vulnerability management doesn't support carry no exposed-device information at all (see "Software that isn't supported" below), so they can't be dismissed on that basis.

Screenshot: Weaknesses landing page.

Breach and threat insights

View any related breach and threat insights in the Threat column when the icons are colored red.

Note

Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight icon (a simple drawing of a red bug) and the breach insight icon (a simple drawing of an arrow hitting a target).

The breach insights icon is highlighted if there's a vulnerability found in your organization. Hovering over the icon shows the breach insight text, for example "Possible active alert is associated with this recommendation."

The threat insights icon is highlighted if there are associated exploits for the vulnerability found in your organization. Hovering over the icon shows whether the threat is part of an exploit kit, or connected to specific advanced persistent campaigns or activity groups. When available, there's a link to a Threat Analytics report with zero-day exploitation news, disclosures, or related security advisories.

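The prioritization rule above (ongoing threats first, zero exposed devices means no risk, "Not available" exposure is not the same as zero) can be applied mechanically once the Weaknesses rows are exported. The following is an added example, not code from the page or from the product. It assumes a row shape that mirrors the field names of the Defender for Endpoint vulnerabilities API as I recall them (id, severity, cvssV3, exposedMachines, publicExploit, exploitInKit); the `active_alert` flag standing in for the breach-insight icon and all the CVE IDs and counts in `SAMPLE` are constructed placeholders, not real data.

```python
"""Triage Weaknesses-page rows: drop CVEs with no exposed devices, flag rows
with unknown exposure for manual review, and order the rest by breach insight,
threat insight, severity, CVSS and exposure.

Added example; the record shape is an assumption (see lead-in) and the sample
rows are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Weakness:
    id: str
    severity: str                     # Critical / High / Medium / Low
    cvss_v3: float
    exposed_machines: Optional[int]   # None models the "Not available" column value
    public_exploit: bool              # threat insight: a public exploit exists
    exploit_in_kit: bool              # threat insight: exploit is part of an exploit kit
    active_alert: bool                # breach insight: possible active alert is linked


SEVERITY_RANK = {"Critical": 3, "High": 2, "Medium": 1, "Low": 0}


def has_threat_insight(w: Weakness) -> bool:
    """True when the row would carry the red threat-insight (bug) icon."""
    return w.public_exploit or w.exploit_in_kit


def is_at_risk(w: Weakness) -> bool:
    """Exposed devices == 0 means not at risk. Unknown exposure is NOT treated as 0."""
    return w.exposed_machines is not None and w.exposed_machines > 0


def priority_key(w: Weakness) -> Tuple[bool, bool, int, float, int]:
    # Sorted descending: breach insight first, then ongoing threat, then severity,
    # CVSS score and finally how many devices are exposed.
    return (
        w.active_alert,
        has_threat_insight(w),
        SEVERITY_RANK.get(w.severity, -1),
        w.cvss_v3,
        w.exposed_machines or 0,
    )


def triage(weaknesses: List[Weakness]) -> List[Weakness]:
    """Rows that actually expose devices, most urgent first."""
    at_risk = [w for w in weaknesses if is_at_risk(w)]
    return sorted(at_risk, key=priority_key, reverse=True)


def needs_manual_review(weaknesses: List[Weakness]) -> List[Weakness]:
    """Rows for unsupported software: exposure is unknown, so they can't be dismissed."""
    return [w for w in weaknesses if w.exposed_machines is None]


# Constructed sample rows (placeholder CVE IDs, not real vulnerabilities).
SAMPLE = [
    Weakness("CVE-0000-0001", "Critical", 9.8, 0, True, True, False),   # nobody exposed
    Weakness("CVE-0000-0002", "High", 8.1, 12, False, False, False),    # no insights
    Weakness("CVE-0000-0003", "Medium", 6.5, 3, True, False, True),     # active alert
    Weakness("CVE-0000-0004", "Critical", 9.1, 40, True, False, False), # public exploit
    Weakness("CVE-0000-0005", "High", 7.5, 5, False, True, False),      # in exploit kit
    Weakness("CVE-0000-0006", "High", 7.2, None, False, False, False),  # unsupported software
]


if __name__ == "__main__":
    for w in triage(SAMPLE):
        print(f"{w.id}  severity={w.severity:<8} cvss={w.cvss_v3}  exposed={w.exposed_machines}")
    for w in needs_manual_review(SAMPLE):
        print(f"{w.id}  exposure not available - review software support manually")
```

The ordering puts the Medium-severity CVE with a possible active alert ahead of a Critical one with only a public exploit, which is exactly the page's "ongoing threats first" rule; CVSS only breaks ties among rows with the same insight status.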

Gain vulnerability insights

If you select a CVE, a flyout panel opens with more information such as the vulnerability description, details, threat insights, and exposed devices.

  • The "OS Feature" category is shown in relevant scenarios
  • You can go to the related security recommendation for every CVE with an exposed device

Screenshot: Weaknesses flyout example.

Software that isn't supported

CVEs for software that isn't currently supported by threat and vulnerability management are still present in the Weaknesses page. Because the software isn't supported, only limited data is available.

Exposed-device information isn't available for CVEs in unsupported software. To filter by unsupported software, select the "Not available" option in the "Exposed devices" section.

Screenshot: Exposed devices filter.

View Common Vulnerabilities and Exposures (CVE) entries in other places

Top vulnerable software in the dashboard

  1. Go to the threat and vulnerability management dashboard and scroll down to the Top vulnerable software widget. You'll see the number of vulnerabilities found in each piece of software, along with threat information and a high-level view of device exposure over time.

    Screenshot: Top vulnerable software card with four columns: Software, Weaknesses, Threats, Exposed devices.

  2. Select the software you want to investigate to go to a drilldown page.

  3. Select the Discovered vulnerabilities tab.

  4. Select the vulnerability you want to investigate for more information on the vulnerability details.

    Screenshot: Windows Server 2019 drilldown overview.

Discover vulnerabilities in the device page

View related weaknesses information in the device page.

  1. Go to the Microsoft Defender Security Center navigation menu bar, then select the device icon. The Devices list page opens.

  2. In the Devices list page, select the name of the device that you want to investigate.

    Screenshot: Devices list with the selected device to investigate.

  3. The device page opens with details and response options for the device you want to investigate.

  4. Select Discovered vulnerabilities.

    Screenshot: Device page with details and response options.

  5. Select the vulnerability that you want to investigate to open a flyout panel with the CVE details, such as the vulnerability description, threat insights, and detection logic.

CVE detection logic

Similar to the software evidence, the product now shows the detection logic applied on a device in order to state that it's vulnerable. The new section is called "Detection Logic" (shown for any discovered vulnerability in the device page) and lists the detection logic and its source.

The "OS Feature" category is also shown in relevant scenarios. Some CVEs affect devices that run a vulnerable OS only if a specific OS component is enabled. Say Windows Server 2019 has a vulnerability in its DNS component: with this capability, the CVE is attached only to the Windows Server 2019 devices that have the DNS feature enabled in their OS, not to every Windows Server 2019 device.

Screenshot: Detection logic example listing the software detected on the device and the KB.
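The OS-feature gating described above can be written down as a small matching rule, which also makes the "Detection Logic" text reproducible for a given device. The following is an added example of that matching, not the product's own detection logic and not code from the page. The device inventory, the feature names (`DNS` is assumed to be the enabled-role name reported for the DNS Server role) and the CVE identifiers are all constructed placeholders.

```python
"""Attach a CVE to a device only when the device runs an affected OS and, if the
CVE is feature-gated, has that OS feature enabled.

Added example; the rule/device shapes are assumptions and the inventory below is
constructed. It is not the product's detection logic.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Device:
    name: str
    os: str
    enabled_features: FrozenSet[str]   # OS roles/features enabled on the device


@dataclass(frozen=True)
class CveRule:
    cve_id: str
    affected_os: FrozenSet[str]
    required_feature: Optional[str] = None   # None: every device on an affected OS is exposed


def evaluate(rule: CveRule, device: Device) -> Tuple[bool, str]:
    """Return (is_vulnerable, detection-logic text) for one device and one CVE."""
    if device.os not in rule.affected_os:
        return False, f"not affected: {device.os} is not an affected OS for {rule.cve_id}"
    if rule.required_feature is None:
        return True, f"vulnerable: running affected OS {device.os}"
    if rule.required_feature in device.enabled_features:
        return True, (f"vulnerable: running {device.os} with OS feature "
                      f"{rule.required_feature} enabled")
    return False, (f"not affected: OS feature {rule.required_feature} is not "
                   f"enabled on {device.name} ({device.os})")


def exposed_devices(rule: CveRule, devices: List[Device]) -> List[str]:
    """Names of the devices the CVE should be attached to."""
    return [d.name for d in devices if evaluate(rule, d)[0]]


# Constructed inventory (placeholder hosts, not real devices).
DEVICES = [
    Device("dc01", "Windows Server 2019", frozenset({"DNS", "AD-Domain-Services"})),
    Device("web01", "Windows Server 2019", frozenset({"Web-Server"})),
    Device("ws042", "Windows 10", frozenset()),
]

# Placeholder CVE IDs: one gated on the DNS feature, one that hits the whole OS.
DNS_RULE = CveRule("CVE-0000-0100", frozenset({"Windows Server 2019"}), required_feature="DNS")
OS_WIDE_RULE = CveRule("CVE-0000-0200", frozenset({"Windows Server 2019"}))


if __name__ == "__main__":
    for rule in (DNS_RULE, OS_WIDE_RULE):
        print(f"{rule.cve_id}: exposed devices = {exposed_devices(rule, DEVICES)}")
        for d in DEVICES:
            print(f"  {d.name}: {evaluate(rule, d)[1]}")
```

Only `dc01` is attached to the DNS-gated CVE, while both Windows Server 2019 hosts are attached to the OS-wide one; the Windows 10 workstation matches neither. On a real server the feature state used as input here is what `Get-WindowsFeature DNS` reports.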

Report inaccuracy

Report a false positive when you see any vague, inaccurate, or incomplete information. You can also report on security recommendations that have already been remediated.

  1. Open the CVE on the Weaknesses page.
  2. Select Report inaccuracy; a flyout pane opens.
  3. Select the inaccuracy category from the drop-down menu and fill in your email address and the inaccuracy details.
  4. Select Submit. Your feedback is immediately sent to the threat and vulnerability management experts.