Microsoft Defender Vulnerability Management: Reporting Inaccuracies and Handling OpenSSL Vulnerabilities

Microsoft maintains a dedicated page for tracking inaccuracies in Microsoft Defender Vulnerability Management (MDVM). This resource helps determine whether new or updated vulnerability support has been added or if issues remain unresolved.

You Should Know:

1. Reporting False Positives in Microsoft Defender

If you encounter vague, inaccurate, or incomplete vulnerability reports, follow these steps:

1. Open the CVE on the Weaknesses page.

2. Click “Report inaccuracy”.

3. Choose the relevant issue from the flyout pane.

4. Provide detailed feedback.

5. Click “Submit” to send it directly to Microsoft’s security team.

2. Handling OpenSSL Vulnerabilities (CVE-2023-49210 & Others)

Many users reported false positives related to OpenSSL in applications like:
– Nvidia Experience
– OneDrive
– Windows system files

Steps to Mitigate False OpenSSL Detections

  • For Salesforce-related false positives (common in Office 365 installations):
    • The issue stems from the Salesforce ODBC driver (libcurl.dll).
    • Manual Removal (Temporary Fix):
        Remove-Item "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\libcurl.dll" -Force

    • Intune Remediation Script (Automated Removal):
        if (Test-Path "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\libcurl.dll") {
            Remove-Item -Path "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\libcurl.dll" -Force
            Write-Output "File removed."
        } else {
            Write-Output "File not found."
        }

    • Note: The file may reappear after Office updates. Microsoft is working on a permanent fix.
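
Intune remediations are deployed as a pair: a detection script runs on a schedule, and the remediation script runs only when detection exits with code 1. The detection script below is an added example, not part of the original post; it targets the same libcurl.dll path and records the file's version and SHA-256 hash so each removal (including after an Office update restores the file) leaves an audit trail.

```powershell
# Added example: detection half of an Intune remediation pair.
# Exit 0 = compliant (nothing to do); exit 1 = file present, run the remediation script.
$ErrorActionPreference = 'Stop'   # turn non-terminating errors into catchable ones

$target = 'C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\libcurl.dll'

try {
    if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
        Write-Output 'Compliant: libcurl.dll not present.'
        exit 0
    }

    # Capture what is about to be removed so the change can be reviewed later.
    $item    = Get-Item -LiteralPath $target
    $version = $item.VersionInfo.FileVersion
    $hash    = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash

    # Single-line output keeps the detection result readable in reporting.
    Write-Output ('Found libcurl.dll version={0} modified={1:u} sha256={2}' -f `
        $version, $item.LastWriteTimeUtc, $hash)
    exit 1
}
catch {
    # Surface the failure instead of passing silently; exit 1 still triggers remediation.
    Write-Output "Detection error: $($_.Exception.Message)"
    exit 1
}
```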

3. Comparing Defender vs. Nessus for Vulnerability Detection

If Nessus detects vulnerabilities that Defender misses, you can:
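– Export Defender’s vulnerability data for cross-validation. Note that Get-MpComputerStatus, used here, returns the Defender Antivirus client status of the local device (engine, signature and protection state), so the resulting CSV does not contain a per-CVE list:

Get-MpComputerStatus | Export-Csv -Path "Defender_Report.csv" -NoTypeInformation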

– Check missing CVEs manually and report them via Microsoft’s inaccuracy form.

What Undercode Say

Microsoft Defender’s vulnerability management is powerful but not flawless. False positives (especially with OpenSSL) require manual intervention. Automation via Intune remediation scripts helps, but staying updated with Microsoft’s official advisories is crucial.

For persistent issues, monitor:

  • Microsoft Security Response Center (MSRC)
  • Reddit sysadmin threads for community fixes.

Key Commands Recap

  • Check Defender’s detection status:
    Get-MpThreatDetection
    
  • Force a Defender update:
    Update-MpSignature
    
  • Scan for vulnerabilities manually (this starts a full Defender Antivirus scan on the local device):
    Start-MpScan -ScanType FullScan
    

Expected Output:

A structured approach to managing false positives in Defender, leveraging PowerShell for automation, and staying informed via Microsoft’s official channels ensures smoother vulnerability management.

References:

Reported By: Wjpvandenheuvel Microsoft – Hackers Feeds