Why defender for endpoints say that does't exist the CVE-2013-3900 and when I see the REG entry, they really exist ?

Andrew Matheus da Silva Lobo 5 Reputation points
2024-09-24T11:54:06.35+00:00

In the Microsoft Defender for Endpoint (MDE) console, when I search for CVE-2013-3900 (WinVerifyTrust), the results show zero vulnerable endpoints. However, mitigating this CVE primarily involves creating a registry entry, and in all the endpoints I’ve analyzed, none have this registry entry in place. Other vulnerability assessment tools detect this vulnerability, but MDE does not.

My question is: Why does MDE fail to recognize the vulnerability while other tools do ?

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,423 questions
{count} vote

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.