Supermicro Server Motherboards Vulnerable to Unremovable Malware
A critical security vulnerability has been discovered in Supermicro server motherboards, allowing hackers to remotely install malicious firmware that runs even before the operating system loads. According to Binarly, the cybersecurity firm that discovered the issue, one of the two vulnerabilities it found is the result of an incomplete patch released by Supermicro in January.
The high-severity vulnerability, identified as CVE-2024-10237, enables attackers to reflash firmware that runs while a machine is booting. This allows malicious code to be installed on the system before the operating system even loads, making it impossible to detect or remove without unusual protections in place. Alex Matrosov, founder and CEO of Binarly, stated that "the insufficient fix was meant to patch CVE-2024-10237, but it appears that the patch did not fully address the issue."
The vulnerability affects servers running on motherboards sold by Supermicro, a leading manufacturer of server hardware. The company's products are widely used in data centers and cloud computing environments around the world. According to Binarly, the incomplete patch was released in January 2024, but it is unclear how many systems were affected.
The discovery of this vulnerability highlights the importance of robust security measures in IT infrastructure. "This type of vulnerability can have significant consequences for organizations that rely on these servers," said Matrosov. "It's essential to take immediate action to patch and update systems to prevent potential attacks."
Supermicro has not yet commented on the issue, but Binarly is urging customers to take steps to mitigate the risk. Binarly recommends applying a comprehensive security patch to affected systems and implementing additional protections to prevent malicious firmware from being installed.
The incident serves as a reminder of the ongoing threat of cyberattacks and the need for organizations to prioritize cybersecurity measures. As Matrosov noted, "this type of vulnerability can have far-reaching consequences, and it's essential that we take proactive steps to protect our systems."
Background
Supermicro has faced criticism in the past for its handling of security vulnerabilities. In 2018, the company was accused of installing backdoors on its server motherboards, allowing Chinese hackers to access sensitive data. The allegations were later disputed by Supermicro, but they highlighted the importance of robust security measures in IT infrastructure.
Current Status and Next Steps
Binarly is working with Supermicro to address the issue and provide a comprehensive patch to affected systems. In the meantime, organizations are urged to take immediate action to mitigate the risk. This includes applying a security patch to affected systems and implementing additional protections to prevent malicious firmware from being installed.
As the cybersecurity landscape continues to evolve, it's essential that organizations prioritize robust security measures to protect their IT infrastructure. The discovery of this vulnerability serves as a reminder of the ongoing threat of cyberattacks and the need for proactive steps to prevent potential attacks.
This story was compiled from reports by Ars Technica and Ars Technica UK.