Microsoft announced yesterday that firmware security advisories are now available for the Microsoft Defender Vulnerability Management service. The new feature enables organizations to continuously monitor firmware security advisories based on information from vendors’ websites and inventories as well as third-party websites.
Microsoft Defender Vulnerability Management is a service that allows customers to discover critical vulnerabilities and misconfigurations on macOS, Windows, Linux, Android, and iOS. It continuously monitors and detects risks even when devices are disconnected from the corporate network. The service also provides recommendations that should help to mitigate the biggest security flaws present in critical assets.
“With the ability to filter on exposed devices and view advisories that affect the customer environment, security teams can quickly identify potential vulnerabilities and take action to mitigate them. This is especially important in today’s rapidly evolving threat landscape, where firmware vulnerabilities can be exploited by attackers to gain access to sensitive data or systems,” Microsoft explained.
The firmware security advisories feature allows IT admins to view details about the specific version of the affected software or device. It also provides instructions to update the firmware version and steps to mitigate security threats. The detailed insights let organizations protect their devices against firmware vulnerabilities targeting enterprise networks.
Currently, the new feature only allows organizations to collect security advisories from Lenovo, HP, and Dell. These advisories include details such as Advisory ID, Related CVEs, Severity, Advisory link, Age, Vendor, published/updated date, and Exposed devices.
Microsoft Defender Vulnerability Management is available as an add-on for Defender for Endpoint Plan 2 customers, and it costs $2 per user per month. Meanwhile, the standalone version of the tool is expected to be priced at $3 per user per month. If you’re interested, you can sign up for a free 90-day trial of Microsoft Defender Vulnerability Management on this page.