Researchers have published details of two new flaws in Supermicro baseband management controller (BMC) firmware that hint at deeper weaknesses in the way the company currently secures this type of low-level software.
Supermicro is a leading maker of the server motherboards widely used in data centers. The BMC is a critical motherboard chip used to monitor system health independently of the OS on these systems, including when they’re powered down.
Anyone able to hijack this firmware would gain the power to control the server and gain persistence at a level below normal security software and the OS.
No Responses