FleetDM Adds Microsoft Office Vulnerability Scanner, Targeting Enterprise Security Gaps

FleetDM, the open-source device management platform, has introduced a new vulnerability detection module specifically for Microsoft 365 Apps and Office products on Windows. This addition, detailed in a GitHub pull request, represents a direct move to close a significant security monitoring gap for enterprise IT and security teams. The tool automates the process of identifying unpatched Office installations across a managed fleet, a critical capability given the persistent targeting of productivity software by threat actors.

The new scanner operates by scraping the latest security update data directly from Microsoft's official Office security updates page. It then generates an optimized, version-indexed bulletin in JSON format, which is synchronized from FleetDM's own repository. The core analysis function compares the installed Office version on each host—using the specific `16.0.<build_prefix>.<build_suffix>` format—against the bulletin to flag vulnerable builds. Supported products include Microsoft 365 Apps for enterprise, Office LTSC 2024/2021, and Office 2019, covering a broad swath of the corporate environment.

This development signals a push for more granular, application-level security posture assessment within device management platforms. For security operations, it automates a traditionally manual and error-prone check, providing continuous visibility into one of the most ubiquitous and frequently exploited software suites. The integration into FleetDM's existing NVD (National Vulnerability Database) sync pipeline suggests a strategy of bundling OS and application vulnerability intelligence into a single operational workflow, increasing pressure on enterprises to maintain comprehensive patch compliance beyond just the operating system.