Microsoft already offered firmware protection in so-called secured-core computers, which have a hardware root of trust. Now the tech giant goes a step further by adding firmware protection to Microsoft Defender ATP (Advanced Threat Protection).
The secured-core PCs were Microsoft’s answer to the demand for secure devices that could also block hardware attacks. This offers organisations that are an attractive target for hackers (especially groups supported by nations) better protection. This additional protection also came at a considerable cost. With Microsoft’s newest update of Microsoft Defender ATP, companies would be able to increase security without having to switch to a new device.
Microsoft believes that the Unified Extensible Firmware Interface (UEFI) scanner provides a significantly better overview of which processes are running at certain levels. This should make it easy to detect a rootkit or other malware that changes something during the boot sequence.
The UEFI scanner in Microsoft Defender ATP scans specific firmware on its own and reports any discrepancies it finds in the Windows Security dashboard. IT departments can also detect specific threats in systems using the Advanced Hunting option.
According to Microsoft, the scanner will mainly be useful for systems where Secure Boot is disabled, or where there is a possibility that the chipset of the motherboard has been configured incorrectly.