Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
8,433 questions
Identifying OS Patches and Updates by Severity in Azure
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 4%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
$@chin
150
Reputation points
Hello,
How can I identify operating system patches or available OS updates on both Linux and Windows Azure VMs based on severity within the Azure Portal, Azure Update Manager, or Microsoft Defender for Cloud ?
In Azure Update Manager, updates are displayed by classification, but it doesn't seem to provide information on severity.
In Defender for Cloud, vulnerabilities are categorized into three levels: High, Medium, and Low, based on threat intelligence, but these don't necessarily reflect the CVSS (Common Vulnerability Scoring System) scores.
How can I map this information or use Azure tools to determine the severity of patches or updates according to CVSS scores, and is there a way to generate a detailed report on this?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 35%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Srinud 3,855 Reputation points Microsoft Vendor2025-02-07T17:32:39.8+00:00 Hi $@chin,
Thank you for reaching out to us on the Microsoft Q&A forum.
To see the CVSS (Common Vulnerability Scoring System) in Microsoft defender cloud. Access the Weaknesses page, select Weaknesses from the Vulnerability management navigation menu in the Microsoft Defender portalThe Weaknesses page opens with a list of the CVEs your devices are exposed to. You can view the severity, Common Vulnerability Scoring System (CVSS) rating, corresponding breach and threat insights,
Please refer the below document for more information:
https://learn.microsoft.com/en-us/defender-vulnerability-management/tvm-weaknessesIf the information is helpful, please consider by clicking the "Upvote" on the post.
If you have any further queries, please let us know in the comment. We are glad to help you. -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 57.99999999999999%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Dany shoe 0 Reputation points2025-02-07T19:43:03.49+00:00 I'll break down the different ways to identify and assess OS update severity across Azure's tools:
- Azure Update Manager:
- Shows update classifications (Critical, Security, etc.)
- Enables viewing available updates for both Windows and Linux VMs
- Can schedule and manage updates across your environment
- Does not directly show CVSS scores
- Microsoft Defender for Cloud:
- Provides vulnerability assessment with High/Medium/Low severity ratings
- Integrates threat intelligence for risk assessment
- Offers "Security alerts" view showing prioritized vulnerabilities
- Can enable "Qualys vulnerability assessment" for more detailed scanning
- For detailed CVSS mapping:
Windows VMs:
- Use Azure Automation to run PowerShell scripts that query the Microsoft Security Response Center (MSRC) API
- This can map KB articles to their corresponding CVE numbers and CVSS scores
- Can generate custom reports with severity details
Linux VMs:
- Enable Azure Monitor for Linux VMs
- Use Log Analytics queries to collect security update information
- Cross-reference with National Vulnerability Database (NVD) for CVSS scores
For comprehensive reporting:
- Create a Log Analytics workspace
- Enable Update Management solution
- Use Azure Monitor workbooks or Power BI to create custom reports combining:
- Update Manager data
- Defender for Cloud assessments
- CVSS information from external sources
-
Srinud 3,855 Reputation points Microsoft Vendor
2025-02-10T17:09:21.2733333+00:00 Hi $@chin,
I just wanted to check if you had a chance to review comment. If you found it helpful, could you kindly click the “upvote” on my post.If you have any further queries, please let us know in the comment.
Thank you.
-
Srinud 3,855 Reputation points Microsoft Vendor
2025-02-11T12:46:54.9566667+00:00 Hi $@chin,
I just wanted to check if you had a chance to review comment. If you found it helpful, could you kindly click the “upvote” on my post.If you have any further queries, please let us know in the comment.
Thank you.
-
$@chin 150 Reputation points
2025-02-11T20:04:29.36+00:00 Hi @srinud
To access the Microsoft Defender portal, is any additional tenant-level license required, or will Microsoft Defender for server Plan 2 suffice ?
Will the security portal display the details of Linux OS patches or updates along with their severity?
Does it indicate the severity levels such as critical, high, medium, and low?
Also, will the CVSS score displayed on the portal match the score provided on the respective source pages, for instance, if an Ubuntu patch is listed as 'high' severity on the portal, will the severity on the Ubuntu security CVE page be the same on defender security portal? -
$@chin 150 Reputation points
2025-02-11T21:40:06.13+00:00 Hi @Dany shoe ,
Microsoft Defender for Cloud Vulnerability Assessment:
When Microsoft Defender for Cloud performs a vulnerability assessment, it shows the severity of packages. Does the severity assessment rely on external sources like CVEs, or does it differ in some way?
For example, if an Ubuntu package shows high severity in Defender's vulnerability assessment, will the same package show the same high severity on the Ubuntu CVE site?
Additionally, how can we check critical severity levels?
CVSS Mapping:
Can you provide a script or method to map system packages or updates (available in both Linux and Windows) to their corresponding CVSS scores?
In other cloud platforms, system updates or packages are typically classified with severity levels. Does Microsoft Defender for Cloud use a similar classification system for packages?
Additionally, is there an option in Azure Update Manager to view package severity (critical, high, medium, low) for both Windows and Linux systems directly? -
Srinud 3,855 Reputation points Microsoft Vendor
2025-02-14T12:38:16.6766667+00:00 Hi $@chin,
Thank you for your patience.
Microsoft Defender for Server Plan 2 is sufficient for accessing the Microsoft Defender portal, provided that users have the correct roles assigned in Microsoft Entra ID. No additional tenant-level licenses are required beyond this plan for basic access.
The CVSS score on the Microsoft Defender portal may differ from that on Ubuntu's security pages due to varying assessment criteria and contextual factors. It's important to consider multiple sources when evaluating vulnerability severity.
Please find the below document for more information:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint#availability
https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controlsThank you.
-
Sign in to comment
Sign in to answer