1,567 questions
Why defender for endpoints say that does't exist the CVE-2013-3900 and when I see the REG entry, they really exist ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 24%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Andrew Matheus da Silva Lobo
5
Reputation points
In the Microsoft Defender for Endpoint (MDE) console, when I search for CVE-2013-3900 (WinVerifyTrust), the results show zero vulnerable endpoints. However, mitigating this CVE primarily involves creating a registry entry, and in all the endpoints I’ve analyzed, none have this registry entry in place. Other vulnerability assessment tools detect this vulnerability, but MDE does not.
My question is: Why does MDE fail to recognize the vulnerability while other tools do ?
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 87%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPI%3C/text%3E%3C/svg%3E)
Prathista Ilango 265 Reputation points Microsoft Employee2024-11-18T07:28:09.6333333+00:00 Hello @Andrew Matheus da Silva Lobo
I am not sure why MDE is not flagging this. It's recommended to reach out to Microsoft support for a definite answer, as they will be able to confirm or help troubleshoot and identify the underlying issue, if any.
You can contact support from here: Contact Microsoft Defender for Endpoint support - Microsoft Defender for Endpoint | Microsoft Learn
Sign in to comment
Sign in to answer