
View information on specific time-critical CVEs detected in your environment along with options for mitigation.

The detection of time-critical CVEs can indicate an ongoing zero-day attack or correspond with high-profile N-day vulnerabilities.
  • Zero-day vulnerabilities have no patch when published, so the vulnerability can only be mitigated.
  • N-day vulnerabilities have patches available when published, so the vulnerability can be mitigated or remediated if your operating system supports the patch.
Trend Micro recommends you address all time-critical CVEs immediately to bolster your security posture. When a time-critical CVE is detected in your environment, Trend Vision One displays a security alert in the Vulnerabilities tab of Executive Dashboard > Exposure Overview. Alerts display for 14 days and may involve one or more CVEs.
Important
To detect time-critical CVEs on endpoints, you must have the Trend Endpoint Agent deployed with Advanced Risk Telemetry enabled. Scans for time-critical CVEs occur hourly.
The primary criteria for issuing a time-critical security alert include:
  • High potential impact
  • High likelihood of related exploit attempts
  • Publicly available exploit code
To learn more about a detected time-critical CVE, including affected operating systems, available attack prevention/detection rules, and recommended mitigation or remediation options, click View details in the security alert. Trend Micro only issues time-critical security alerts for vulnerabilities with available mitigation options.
For high-profile N-day vulnerabilities, the CVE profile displays a summary including:
  • The number of assessed devices in your environment
  • How many assessed devices are affected by the vulnerability
  • How many endpoints have been the target of exploit attempts related to the vulnerability
The following table details the information displayed on the profile screen of a time-critical CVE.

Time-Critical CVEs

Details: General information about the CVE, including affected operating systems, the number of assessed devices in your environment, devices affected by the vulnerability, and the number of exploit attempts.
Attack Prevention/Detection Rules: Displays available rules from Trend Micro products that can mitigate the risk posed by the vulnerability.
Note
All Trend Micro products with available attack prevention/detection rules display regardless of whether you have the product connected in your environment. For information about how to purchase Trend Micro products, contact your sales representative.
For more information on connecting products to Operations Dashboard, see Configuring data sources.
Mitigation Options: Provides a set of recommended actions curated by Trend Micro threat experts that you can use to mitigate the selected vulnerability on applicable operating systems.
Reference: Displays additional reference links for the CVE.
Affected Devices: Devices in your environment vulnerable to the time-critical CVE.
Trend Vision One analyzes detection logs to determine how often attackers have attempted to exploit the vulnerability on each endpoint.
  • Click All vulnerable devices to see all endpoints vulnerable to the CVE
  • Click Investigation recommended to see the endpoints with detected exploit attempts
  • Search for specific endpoints by name
  • Click any device or user name to see a detailed asset profile
  • Select a device to change the status of the CVE on the selected device.