Note
The Vulnerability Management section in the Microsoft Defender portal is now located under Exposure management. With this change, you can now consume and manage security exposure data and vulnerability data in a unified location, to enhance your existing Vulnerability Management features. Learn more.
These changes are relevant for Preview customers (Microsoft Defender XDR + Microsoft Defender for Identity preview option).
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
It's becoming increasingly difficult for security administrators to identify and mitigate the security and compliance risks associated with common, proprietary, and open-source software components and dependencies used in their organizations. To help address this challenge, Defender Vulnerability Management provides support to identify, report on, and recommend remediations for vulnerabilities found in components known to have had security issues in the past.
With visibility into which software components are present on a device, security administrators can focus their attention and resources on taking steps to reduce the associated risks.
Note
The Vulnerable components page has been renamed to Software components.
Tip
Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to sign up for a free trial.
Navigate to the Software components page
- In the Microsoft Defender portal, do one of the following:
  - If you're a Microsoft Defender XDR + Microsoft Defender for Identity preview customer, select Exposure management > Vulnerability management > Inventories.
  - If you're an existing customer, select Endpoints > Vulnerability management > Inventories.
- Select the Software components tab.
The Software components page opens with a list of known software components identified in your organization. For each component, it shows the component name and vendor, the number of weaknesses found for that component, and whether there are active threats or alerts associated with it.
Supported components
Defender Vulnerability Management supports the following software components:
- OpenSSL
- LiteDB
- XZ Utils
- Log4J
- libwebp
- Apache Commons Text
- Spring Framework
- Apache Tomcat
- Next.js
- Ghostscript (GPL)
- React Server DOM Webpack
- Apache Struts
- React Native Community CLI
- Spring Framework
- Apache Parquet Avro
- Langflow
- Ghostscript
- SAP NetWeaver Application Server Visual Composer
- React Server DOM Parcel
- React Server DOM Turbopack
Component details
Select a software component to open a flyout pane where you'll find more information about that software component.
Select the Devices with components tab to see a list of devices the component is installed on.
Select the Vulnerable files tab to see information on the vulnerable file paths and versions, the related vulnerabilities, and the exposed devices.
From the flyout pane, you can also dive deeper into the component by selecting Open component page (see Software components page), or flag any technical inconsistencies by selecting Report inaccuracy (see Report inaccuracy).
Software components page
Select Open component page for a software component to see all the details for that component.
The page includes information on the component vendor, the devices the component is installed on, and data visualizations showing the number of discovered vulnerabilities and exposed devices.
Tabs are available with information specific to the software component, such as:
- Corresponding security recommendations for the vulnerabilities identified.
- Vulnerable files information including the vulnerable file paths and versions, the related vulnerabilities, along with the exposed devices.
View recommendations
To view the security recommendations for software components:
- On the Inventories page, select the Software components tab.
- Select a software component and select Go to related security recommendation in the flyout pane.
Or select Open component page from the component flyout pane and select the Security recommendations tab from the component page.
When you select a security recommendation, you'll see in the flyout pane that the security recommendation is of type Owning app.
This is because there's no easy way to fix or patch a software component. The Owning app label allows security administrators to use the information about the software component to evaluate the effect of any proposed remediation on the whole organization.
Software components on devices
You can also view a list of software components on a device. With a device page open, select Inventories and then Software components to see a list of software components installed on that device.