The CISA has made an active list were the current exploited vulnerabilities are listed, this query visualizes the the number of vulnerable devices per CVEId. This can help prioritize the vulnerabilities that need patching.
The vulnerabilities is known to be exploited by threat actors, thus depending on your configuration the exploit can also be used to gain access into your environment.
let KnowExploitesVulnsCISA = externaldata(cveID: string, vendorProject: string, product: string, vulnerabilityName: string, dateAdded: datetime, shortDescription: string, requiredAction: string, dueDate: datetime,
notes: string)[@"https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv"] with (format="csv", ignoreFirstRecord=True);
DeviceTvmSoftwareVulnerabilities
| join kind=inner KnowExploitesVulnsCISA on $left.CveId == $right.cveID
| summarize TotalDevices = dcount(DeviceId) by CveId
| sort by TotalDevices
| render columnchart with(title="Active CVEIds CISA KEV")