Microsoft released a new update for the Windows defender engine to fix a critical vulnerability (CVE-2019-1255). The latest engine version 1.1.16400.2 fixes the issue, however, it might not be so straight forward to view exactly which machines still need to be updated. You can learn more about it in our Windows Defender flaw blog post.
Fortunately, with the audit below, you can get an overview of your environment and whether the Windows defender engine has been updated or not. This way you can monitor the update progress and identify assets that might have issues receiving the automatic Windows defender updates.
To monitor the update process for the Windows Defender flaw, CVE-2019-1255, you will have to add the following registry keys and value names to custom registry scanning configuration.
Rootkey: HKEY_LOCAL_MACHINE
Regpath: SOFTWAREMicrosoftWindows DefenderSignature Updates
Regvalue: EngineVersionRootkey: HKEY_LOCAL_MACHINE
Regpath: SOFTWAREMicrosoftMicrosoft AntimalwareSignature Updates
Regvalue: EngineVersion