Vulnerability Descriptions enhanced with AI

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Addressing software vulnerabilities can be challenging, especially when remediation and impact of the CVE may vary across different sources. To address this challenge, the Defender Vulnerability Management team has developed an enhanced description for CVEs using AI technology. This innovative approach involves gathering information from diverse public online sources and validating it through Microsoft dedicated research teams providing a comprehensive summary of CVEs, their impact and recommended remediation steps to minimize risk.

The problem

Understanding a CVE is important to comprehend the potential risks, how it can be exploited, and most importantly, the necessary steps for remediation or mitigation. Feedback from you, our customers and partners, has highlighted that our current CVE descriptions often fall short of providing a holistic view, leading to frustration and additional work having to gather information from multiple sources to bridge the informational gap.

Feature overview

This update leverages advanced artificial intelligence to collect data from diverse open-to-the-internet resources, including NVD, IBM, Google, Debian and our own Microsoft research and threat intelligence, providing a comprehensive overview of CVEs.

We now provide comprehensive details and user-friendly description categorized into four key aspects: 

Here is an example of the updated vulnerability descriptions. 

Thank you for your feedback and we hope you will be able to spend less time researching information and instead able to focus your time on proactively reducing risk and business disruption.