Microsoft Defender Vulnerability Management gets a smarter exposure score

Source: Help Net Security

Author: Anamarija Pogorelec

URL: https://www.helpnetsecurity.com/2026/06/01/microsoft-defender-exposure-score-update/

ONE SENTENCE SUMMARY:

Microsoft Defender Vulnerability Management updates exposure scoring using exploitability signals and asset context to better prioritize remediation actions.

MAIN POINTS:

  1. Updated exposure score shifts focus from vulnerability severity to remediation prioritization.
  2. Model combines vulnerability risk, exploitability signals, and asset context so that scores are more representative of actual exposure.
  3. EPSS (Exploit Prediction Scoring System) is used to estimate 30-day exploitation likelihood for CVEs.
  4. Normalized CVE data from multiple sources improves scoring consistency.
  5. Device exposure reflects all vulnerabilities on a device, weighted by risk and context.
  6. Remediation activities more directly reduce device exposure scores under the new model.
  7. Asset context includes internet-facing status and criticality to influence prioritization.
  8. Identical vulnerabilities can warrant different responses depending on affected asset exposure and business value.
  9. Organization-level score is derived from individual asset scores for better environment-wide representation.
  10. Asset-CVE-level remediation impact calculations improve prediction and tracking of score changes.

TAKEAWAYS:

  1. Prioritization improves by emphasizing “where to fix first” rather than only “how severe.”
  2. Exploitability-driven scoring helps surface vulnerabilities more likely to be exploited soon.
  3. Context-aware weighting concentrates attention on high-risk, internet-exposed, or critical devices.
  4. Score shifts after enabling the model require treating results as a new, non-comparable baseline.
  5. Daily score updates and 24-hour remediation lag affect how quickly improvements appear in reporting.