topic Unpatched Vulnerabilities Protection in Cortex XDR Discussions

Unpatched Vulnerabilities Protection

Abdullah-Tariq — Thu, 08 May 2025 09:10:24 GMT

Hi,

I see this written in Unpartched vulnerability protection module section "Modify system settings temporarily as a workaround to protect unpatched endpoints from known vulnerabilities".

I have searched but found no details regarding this, can anyone please explain how does this work?

Also, is there any protection against 0 day vulnerabilities in cortex?

Thanks,

Re: Unpatched Vulnerabilities Protection

aspatil — Tue, 13 May 2025 06:21:22 GMT

Hello @Abdullah-Tariq ,

This step provides a temporary workaround for the following publicly known information-security vulnerabilities and exposures: CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094.

If you choose not to patch the endpoint, the Unpatched Vulnerabilities Protection capability allows the Cortex XDR agent to apply a workaround to protect the endpoints from the known vulnerability. It takes the Cortex XDR agent up to 6 hours to enforce your configured policy on the endpoints.

Refer to step 7 in below article for more information:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Set-up-exploit-prevention-profiles

Yes, to an extent. Cortex XDR uses several capabilities to provide proactive protection against unknown threats, including 0-days:

Behavioral Threat Protection (BTP):

Detects malicious behaviors and attack patterns, regardless of file signatures.

Can block suspicious activity even from unknown exploits.

Exploit Protection & Module Load Protection:

Intercepts suspicious exploit techniques such as memory corruption, code injection, etc.

Effective against many 0-day exploits, especially those targeting known vectors.

AI-Driven Local Analysis and WildFire Integration:

Uses static and dynamic analysis to detect new, unknown malware.

Analytic Rules & BIOC (Behavioral Indicators of Compromise):

Detects advanced tactics even without specific IOCs.

However:

No solution can guarantee 100% protection against all zero-day attacks, but Cortex XDR significantly reduces risk by combining multiple protection layers and telemetry-based analytics.

If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.

Re: Unpatched Vulnerabilities Protection

Abdullah-Tariq — Wed, 14 May 2025 08:40:22 GMT

@aspatil wrote:

Hello @Abdullah-Tariq ,

This step provides a temporary workaround for the following publicly known information-security vulnerabilities and exposures: CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094.

So it is for only these CVE, no other known vulnerability?

And as for patching, i ask because some solutions like trend micro deep security claim to provide virtual patching capabilities. I was just trying to compare cortex to that.