Quote:Tens of thousands of servers made by Supermicro could be exposed to remote attacks from the internet due to baseboard management controller (BMC) vulnerabilities identified by researchers at firmware security company Eclypsium.
 
The BMC, a small computer present on a majority of server motherboards, allows administrators to remotely control and monitor a server without having to access the operating system or applications running on it. The BMC can be used to reboot a device, install operating systems, update firmware, and monitor system parameters.
 
Researchers from Eclypsium and other companies showed in the past that BMC vulnerabilities can pose a serious risk. Eclypsium on Tuesday reported finding more BMC flaws that appear to be specific to Supermicro servers.
 
The security holes, collectively tracked as USBAnywhere, affect a virtual media service implemented on Supermicro X9, X10 and X11 servers. The impacted service is designed to allow users to remotely connect a disk image as a virtual USB, CD or floppy drive.