Firmware component of vulnerability management
If you have responsibilities in a corporate environment for vulnerability management/security patching of Windows-based desktops and laptops, how do firmware updates that address critical vulnerabilities compare to software-related updates in terms of frequency of release/admin time to keep current/approach to central deployment of updates? For what it is worth, these are generally HP hardware (+ a few Dell devices).
And does the firmware aspect of effective vulnerability management require additional specialised tooling in order to centrally monitor/scan your desktops/servers for vulnerable firmware versions in operation on your devices, and specialised tooling to deploy new firmware versions 'as and when' required? Or is the approach to large scale deployment of updated firmware versions totally different to software patches?
Any insights into the process would be most helpful. For example, what do you use to even get a complete report from across the estate of devices running dangerous firmware versions to see how vulnerable you are? Or can you get a report on a machine-by-machine basis from within Windows?