How to exclude specific CVEs with CVE exceptions in Microsoft Defender Vulnerability Management (opens in new tab)

Not every CVE should be handled the same way, and choosing the wrong exception type can remove more risk visibility than intended. A security recommendation can include many CVEs. If only one CVE is out of scope, excluding the full recommendation can hide vulnerabilities that still matter in your environment. CVE exceptions help you make a narrower decision: exclude one specific CVE for a defined scope and duration, while keeping the rest of the recommendation active. Use this guide to make p...