Hardware and firmware assessment
Applies to:
- Microsoft Defender Vulnerability Management
- Microsoft Defender XDR
- Microsoft Defender for Servers Plan 2
Note
To use this feature you need Microsoft Defender Vulnerability Management Standalone or, if you're already a Microsoft Defender for Endpoint Plan 2 customer, the Defender Vulnerability Management add-on.
Firmware and hardware attacks are on the rise. Attackers increasingly target the firmware and device drivers of hardware components to gain high privilege and persistence below the operating system, where conventional software patching and endpoint controls don't reach. Visibility into the threat posture of your firmware and hardware, and timely remediation of identified vulnerabilities, are a vital part of keeping your organization secure.
Microsoft Defender Vulnerability Management hardware and firmware assessment provides a list of known hardware and firmware in your organization. It provides individual inventories for system models, processors, and BIOS. Each view includes details such as the name of the vendor, the number of weaknesses, threat insights, and the number of exposed devices.
Tip
Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to sign up for a free trial.
View your hardware and firmware
To access the hardware and firmware assessment page:
- Go to Vulnerability management > Inventories in the Microsoft Defender portal.
- Select the Hardware and Firmware tab.
The Hardware and Firmware page opens with individual pages for laptop, desktop, and server models; processors; and BIOS. Each is described in the sections below.
Note
Weaknesses and exposed devices information is based on security advisories from HP, Dell, and Lenovo and relates to processors and BIOS only. Weaknesses for other vendors are not reported.
Inventory and weakness data are collected on Windows, Linux, and macOS (refer to the list of supported platforms).
Note: processor and BIOS information isn't reported on Mac devices with M1 or M2 processors.
Laptop, desktop, and server models inventory
Select the Laptop, desktop, and server models page to see a list of all system models in the organization.
At the top of the page, you can view the number of models per vendor.
When you select a model from the list, a flyout panel opens with details for that model.
Processor inventory
Select the Processors page to see a list of all processors in the organization.
At the top of the page, you can view the number of processors per vendor.
When you select a processor from the list, a flyout panel opens with details for that processor.
BIOS inventory
Select the BIOS page to view a list of all BIOS firmware in the organization.
At the top of the page, you can view the number of BIOS per vendor.
View BIOS firmware details
To view more details on a BIOS firmware:
- Open the Hardware and Firmware page in the Microsoft Defender portal.
- Select the BIOS page and choose a BIOS in the list to open a flyout panel.
- Select Open firmware page to view more details about the BIOS firmware.
You can select the Version distribution tab to see BIOS versions that are deployed in the organization.
Get more information on missing security updates
Select the Missing security updates tab to see the security updates that should be installed on the device to remediate discovered BIOS vulnerabilities.
When you select an item from the list, a flyout panel will open with a link to the BIOS vendor advisory, a list of exposed devices, and a list of CVEs.
Hardware and firmware on devices
To view the system model, processor, and BIOS information on the device page, either select the device from the Installed devices tab and then select Open device page in the flyout panel, or select the device directly from the Device inventory page.
Select See all details to get a flyout panel with more information.
Find processor and BIOS weaknesses
To actively search for processor and BIOS weaknesses:
- Go to Vulnerability management > Weaknesses in the Microsoft Defender portal.
- Search for 'BIOS'. CVEs that relate to the processor or BIOS are returned.
- Select an item from the list to open a flyout panel with more details on the CVE.
On an individual device's page, view processor and BIOS CVEs by selecting the Discovered vulnerabilities tab. Select a CVE to open a flyout panel with more information.
Recommendations for firmware updates
To actively search for firmware recommendations:
- Go to Vulnerability management > Recommendations in the Microsoft Defender portal.
- Filter on Remediation type 'Firmware update'.
A recommendation to update a specific BIOS version appears if that version is installed on at least 5% of devices across all organizations.
UEFI Secure Boot mode recommendations
Defender Vulnerability Management finds devices where UEFI Secure Boot mode is disabled and recommends enabling it.
To find these recommendations, search for 'scid-2100' or 'boot' on the recommendations page. Selecting a recommendation opens a flyout panel with more information.
Note
This capability is currently supported only on Windows.
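The recommendation above is surfaced through the same assessment data that advanced hunting exposes, so the list of non-compliant devices can be pulled as a query rather than read off the flyout. The query below is an added example and is not from the Microsoft documentation. It assumes the DeviceTvmSecureConfigurationAssessment columns ConfigurationId, IsApplicable, IsCompliant, OSPlatform and Timestamp, that IsApplicable and IsCompliant are bool-typed, and that BIOS rows in DeviceTvmHardwareFirmware carry the ComponentType literal "Bios" (check with `DeviceTvmHardwareFirmware | distinct ComponentType` before relying on it).

```kusto
// Added example (not from the Microsoft docs). Run in Defender XDR > Advanced hunting.
// Devices where the UEFI Secure Boot recommendation (scid-2100) applies and is not met,
// joined to their BIOS vendor and version so the fix can be scheduled per model/firmware
// instead of device by device. Secure Boot is a firmware setting, so the BIOS version
// also tells you whether a firmware update has to land first.
DeviceTvmSecureConfigurationAssessment
| where ConfigurationId == "scid-2100"
| where IsApplicable == true and IsCompliant == false   // assumes bool-typed columns
| project DeviceId, DeviceName, OSPlatform, AssessedAt = Timestamp
| join kind=leftouter (
    DeviceTvmHardwareFirmware
    | where ComponentType == "Bios"                     // assumed literal; verify with distinct ComponentType
    | project DeviceId, BiosVendor = Manufacturer, BiosVersion = ComponentVersion
  ) on DeviceId
| project-away DeviceId1
| summarize Devices = dcount(DeviceId),
            SampleDevices = make_set(DeviceName, 5),
            LastAssessed = max(AssessedAt)
  by OSPlatform, BiosVendor, BiosVersion
| order by Devices desc
```

Because the capability is Windows-only, OSPlatform on the result should always be a Windows value; any other platform appearing there means the assessment data, not the device, needs a second look.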
Advanced Hunting
You can use advanced hunting queries to gain visibility into the hardware and firmware in your organization. The DeviceTvmHardwareFirmware table contains hardware and firmware information per device, including system model, processor, and BIOS.
For more information, see advanced hunting.
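The following query is an added example and is not from the Microsoft documentation. It reproduces in KQL two of the portal lookups described earlier on this page: the BIOS Version distribution tab and the processor and BIOS CVE search on the Weaknesses page, combined into one view of which BIOS versions are exposed and how many devices share each one. It assumes the DeviceTvmHardwareFirmware columns DeviceId, DeviceName, ComponentType, Manufacturer, ComponentName and ComponentVersion and the DeviceTvmSoftwareVulnerabilities columns DeviceId, SoftwareName, CveId and VulnerabilitySeverityLevel. The ComponentType literal "Bios" and the `SoftwareName has "bios"` match are assumptions about how firmware records are labelled; the commented `distinct` queries at the top are there to confirm them against your tenant first.

```kusto
// Added example (not from the Microsoft docs). Run in Defender XDR > Advanced hunting.
// Check the assumed literals before trusting the results:
//   DeviceTvmHardwareFirmware | distinct ComponentType
//   DeviceTvmSoftwareVulnerabilities | where SoftwareVendor in~ ("hp", "dell", "lenovo") | distinct SoftwareName
//
// BIOS inventory per device (the Version distribution tab, as rows).
let BiosInventory =
    DeviceTvmHardwareFirmware
    | where ComponentType == "Bios"                        // assumed literal
    | project DeviceId, DeviceName,
              BiosVendor = Manufacturer,
              BiosName = ComponentName,
              BiosVersion = ComponentVersion;
// BIOS CVEs per device (the 'BIOS' search on the Weaknesses page, as rows).
let BiosCves =
    DeviceTvmSoftwareVulnerabilities
    | where SoftwareName has "bios"                        // assumed match
    | summarize CveCount = dcount(CveId),
                CriticalCount = countif(VulnerabilitySeverityLevel == "Critical"),
                Cves = make_set(CveId, 20)
      by DeviceId;
// One row per exposed BIOS version: the largest groups are the cheapest
// remediation wins because a single vendor update clears every device in the row.
BiosInventory
| join kind=inner BiosCves on DeviceId
| summarize ExposedDevices = dcount(DeviceId),
            MaxCveCount = max(CveCount),
            DevicesWithCritical = countif(CriticalCount > 0),
            SampleCves = take_any(Cves)
  by BiosVendor, BiosName, BiosVersion
| order by DevicesWithCritical desc, ExposedDevices desc
```

Only HP, Dell and Lenovo advisories feed the weakness data (see the note near the top of this page), so a vendor that never appears in the output isn't necessarily clean; it may simply be unreported.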
Hardware and firmware API
You can use APIs to view all hardware and firmware installed in your organization, including component type, vendor, and version.