Microsoft is launching the public preview for hardware and firmware assessments in Microsoft Defender Vulnerability Management, a new feature designed to give organizations full visibility into device manufacturer, processor and BIOS information.
According to the Redmon, Wash. IT giant, firmware and hardware attacks are on the rise as hackers target hardware components to gain high privilege and maintain persistence. With visibility into hardware vulnerabilities, the new add-on Defender feature can help organizations see their exposure to firmware vulnerabilities and get remediation instructions and recommended firmware versions to deploy.
”This new premium capability provides customers with information to effectively measure firmware risk, information they previously were unable to obtain,” the company says in a blog. “With new firmware and hardware information, customers can make more informed decisions and take corrective actions to prevent attacks.”
Currently in public preview, the capability allows for new inventory for system models, processors and BIOS across Windows, Linux and MacOS; vulnerability assessment for processors and BIOS weaknesses for HP, Dell and Lenovo; evaluation of the UEFI Secure Boot mode setting for Windows and Linux; and the ability to retrieve system model, processor and BIOS information using export API and Advanced Hunting.
To use the feature, go to Vulnerability management > Inventories in the Microsoft 365 Defender portal and select the Hardware and Firmware tab. From there, admins can select the Laptop, desktop and sever modals page to see a list of all system models in the organization. This page also sows a view of the number of models per vendor. A flyout panel will open with the model software details for each model.
Similarly, the Processors and BIOS pages also shows the number of each per vendor, and flyout panels also offer more details about vulnerabilities level of exposure.
The hardware and firmware assessments feature in Microsoft Defender Vulnerability Management also offer information on missing security updates that should be installed on the device to remediate discovered BIOS vulnerabilities and find other processor and BIOS weaknesses, according to a Microsoft support document.