Home Resources Blog Supermicro Servers Fixed After Insecure Firmware Updating Discovered

Supermicro Servers Fixed After Insecure Firmware Updating Discovered

Admin Globaldots
10.09.2018
image 1 Min read

Researchers have sounded a warning about the security of Baseboard Management Controllers (BMCs) – a critical component that datacentres depend on to manage servers.

According to Eclypsium, the BMC used by one server brand, Supermicro, has an insecure updating process that could allow an attacker to modify its firmware or run malware.

Affecting X8 through X11-generation systems, the BMC code wasn’t carrying out cryptographic signature verification before accepting firmware updates, the company said.

BMCs are like powerful computers-within-the-server, complete with their own CPU and memory, that remain turned on even when the server is not being used (not dissimilar to the Intel Management Engine found inside home computers).

When compromised, an attacker would be able to sneak their own modified firmware onto a server – something that would give admins a very bad day at the office.

This is the privileged layer used to issue server wipes and OS reinstalls, which would hand the same power to attackers to take over the system, or to ‘brick’ it as part of a denial-of-service attack, or possibly move sideways to other parts of the network.

It would also be incredibly difficult to detect, let alone stop once it had started – the attacker would have loaded their own firmware after all.

Image Source

Read more: Naked Security by Sophos

Learn More

What is FinOps? The Complete Guide
Cloud Cost Optimization
Nesh (Steven Puddephatt), Senior Solutions Engineer @ GlobalDots 31.05.23

While cloud-computing supports immense innovation – providing limitless resources in the pursuit of greater output and agility – public cloud end-user spending is projected to reach a staggering $600 billion this year. Hyperscale cloud vendors remain driving forces behind this growth, having proven their salt as highly strategic launchpads for digital transformation. The competition for […]

Read more
Cloud Cost Optimization: A Strategic Approach to Business Expansion
Cloud Cost Optimization
Francesco Altomare, Southern Europe Regional Manager @ GlobalDots 18.05.23

FinOps is a strategic framework designed to manage and optimize cloud costs effectively. It’s a transformative approach that brings financial accountability to the forefront of the variable spend model of cloud computing. This model allows businesses to gain a firm grip on their cloud expenses, ensuring that every dollar spent is accounted for and utilized […]

Read more
AWS Data Transfer Cost Optimization: Everything You Need to Know
Cloud Cost Optimization
Nesh (Steven Puddephatt), Senior Solutions Engineer @ GlobalDots 17.05.23

While AWS services provide a wealth of mission-critical services – storing over 2.2 trillion objects in S3 – many organizations are left floundering in the solution’s complex pricing structures. Spanning transfer types and geographies, data transfer costs can be hugely unpredictable and rapidly get out of hand.  Below, we leverage decades of industry experience to […]

Read more
Unlock Your Cloud Potential
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Book a Demo