Home Resources Blog Supermicro Servers Fixed After Insecure Firmware Updating Discovered

Supermicro Servers Fixed After Insecure Firmware Updating Discovered

Admin Globaldots
10.09.2018
image 1 Min read

Researchers have sounded a warning about the security of Baseboard Management Controllers (BMCs) – a critical component that datacentres depend on to manage servers.

According to Eclypsium, the BMC used by one server brand, Supermicro, has an insecure updating process that could allow an attacker to modify its firmware or run malware.

Affecting X8 through X11-generation systems, the BMC code wasn’t carrying out cryptographic signature verification before accepting firmware updates, the company said.

BMCs are like powerful computers-within-the-server, complete with their own CPU and memory, that remain turned on even when the server is not being used (not dissimilar to the Intel Management Engine found inside home computers).

When compromised, an attacker would be able to sneak their own modified firmware onto a server – something that would give admins a very bad day at the office.

This is the privileged layer used to issue server wipes and OS reinstalls, which would hand the same power to attackers to take over the system, or to ‘brick’ it as part of a denial-of-service attack, or possibly move sideways to other parts of the network.

It would also be incredibly difficult to detect, let alone stop once it had started – the attacker would have loaded their own firmware after all.

Image Source

Read more: Naked Security by Sophos

Learn More

You’ll Need Zero Trust, But You Won’t Get It with a VPN
SD-WAN and SASE
Eyal Webber Zvik, Cato Networks 12.01.23

Properly implemented, a zero trust architecture provides much more granular and effective security than legacy security models. However, this is only true if a zero trust initiative is supported with the right tools. Legacy solutions, such as virtual private networks (VPNs), lack the capabilities necessary to implement a zero trust security strategy. Zero Trust Security is […]

Read more
4 Ways Where Remote Access VPNs Fall Short
SD-WAN and SASE
Eyal Webber Zvik, Cato Networks 09.01.23

The Global Content Delivery Network (CDN) market is expected to grow by $42.4 billion between now and 2032.

Read more
slider item
Content Delivery Network (CDN)
Francesco Altomare, Southern Europe Regional Manager @ GlobalDots 04.01.23

A Content Delivery Network (CDN) is a globally distributed network of web servers or Points of Presence (PoP) whose purpose is to provide faster content delivery. The content is replicated and stored throughout the CDN so the user can access the data that is stored at a location that is geographically closest to the user. […]

Read more
Unlock Your Cloud Potential
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Book a Demo