UEFI Scanner Added Into Windows 10 By Microsoft

Sun Jun 21 2020

A UEFI scanner has been added into Windows 10 to detect firmware attacks by Cyber Actors

Last week Microsoft announced that it had added a UEFI scanner into its Defender Advanced Threat Protection tool (Defender ATP) to better detect firmware attacks by performing a security assessment that will interact directly with a motherboard chipset.

That means Microsoft’s Defender ATP will now be able to detect malware that has been inserted directly into firmware, adding another layer of security to Microsoft’s already formidable security protocols on Windows 10.

What Is Microsoft Defender ATP?

For those unfamiliar with Microsoft Defender ATP, it’s a type of security technology that lets enterprise-level users detect and then quickly respond to emerging cyber threats.

Why Is Malware Infected Firmware So Difficult To Detect?

Malware-infected firmware is so difficult to detect because it’s launched before the OS is booted up. That means that, the majority of the time, malicious programmes can remain hidden from third-party antivirus software that only kicks in with the OS.

In a statement online, Microsoft said that its new UEFI (Unified Extensible Firmware Interface) scanner will interact directly with a motherboard chipset, performing lightning-fast security assessments by reading the firmware’s file system at runtime.

Microsoft’s UEFI scanner will include:

  • UEFI anti-rootkit to reach the firmware through a Serial Peripheral Interface (SPI)
  • Full file system scanner to examine the contents inside the firmware
  • Detection engine to identify exploits and malicious behaviours

If malware is detected at the firmware level, the end user will get a security alert through the Defender Security Centre. The threat can then be analysed, with appropriate actions being taken to neutralise it.

Microsoft also confirmed that, rather than just being a passive tool, Defender ATP could be used by IT security teams in an active manner to go on the hunt for existing threats.

More updates are expected from Microsoft within the next few days about further new security tools…

 
