Firmware vulnerabilities in Supermicro servers take skill to exploit, but an attacker who succeeds gains a level of control over the machine comparable to having physical access to it.
Eclypsium, a firm founded by two former Intel executives to tackle server firmware vulnerabilities, has published research identifying several weaknesses in Supermicro server firmware. The researchers stress that these flaws are not easy to exploit.
They can, however, be exploited by malicious software already running on the system. Getting that code onto a server is the hard part; once it is there, the malware achieves roughly the same effect as an attacker who has physical access to the hardware.
An attacker who opens the case can simply attach a hardware flash programmer and strip the protections directly. Eclypsium's point is that the same result can be achieved at scale through malware, without any physical access.
The first problem is a configuration issue in some Supermicro products rather than a bug in the firmware code itself. It concerns the Flash Descriptor region, an Intel chipset feature that defines which areas of the SPI flash chip each master on the chipset (the host CPU among them) is permitted to read or write.
According to Eclypsium, an insecurely configured descriptor can let malware running with administrative privileges in the host operating system alter firmware code and data in regions the main processor has no need to read or write. This class of problem has been known since 2008.
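To make the descriptor issue concrete, here is an added example (written for this article; it is not Eclypsium's, Supermicro's or Intel's code) that parses the master access table of an Intel flash descriptor and flags grants that a host-resident attacker could abuse. It uses the legacy five-region descriptor layout (FLMSTR read grants in bits 20:16, write grants in bits 28:24; newer chipsets use a wider layout) and a descriptor image constructed inline. The signature, FLMAP and FLREG/FLMSTR field offsets follow the Intel descriptor format; the FLMSTR values, the region layout and the audit policy (nobody writes the Descriptor region, the host master does not write the ME region, the ME and GbE masters do not write the BIOS region) are this example's own assumptions.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A        # Intel Flash Descriptor signature, stored at flash offset 0x10
REGIONS = ["Descriptor", "BIOS", "ME", "GbE", "Platform Data"]   # FLREG0..FLREG4, legacy layout
MASTERS = ["Host CPU/BIOS", "ME", "GbE"]                        # FLMSTR1..FLMSTR3


def build_descriptor(flmstr_values):
    """Constructed 4 KiB descriptor for this example (not a dump from real hardware)."""
    fd = bytearray(0x1000)
    frba, fmba = 0x40, 0x60          # region table and master table placed at these offsets
    struct.pack_into("<I", fd, 0x10, FD_SIGNATURE)
    # FLMAP0: FCBA in bits 7:0, FRBA in bits 23:16, number of regions minus one in bits 26:24
    struct.pack_into("<I", fd, 0x14, (0x30 >> 4) | ((frba >> 4) << 16) | ((len(REGIONS) - 1) << 24))
    # FLMAP1: FMBA in bits 7:0
    struct.pack_into("<I", fd, 0x18, fmba >> 4)
    # FLREGn: base in bits 12:0 and limit in bits 28:16, both in 4 KiB pages; base > limit = unused
    layout = [(0x000, 0x000), (0x800, 0xFFF), (0x003, 0x7FF), (0x001, 0x002), (0x1FFF, 0x000)]
    for i, (base, limit) in enumerate(layout):
        struct.pack_into("<I", fd, frba + 4 * i, (limit << 16) | base)
    for i, value in enumerate(flmstr_values):
        struct.pack_into("<I", fd, fmba + 4 * i, value)
    return bytes(fd)


def parse_descriptor(fd):
    """Return (regions, masters) from the first 4 KiB of a SPI flash image."""
    if struct.unpack_from("<I", fd, 0x10)[0] != FD_SIGNATURE:
        raise ValueError("no Intel flash descriptor signature at offset 0x10")
    flmap0, flmap1 = struct.unpack_from("<II", fd, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4
    nr = ((flmap0 >> 24) & 0x7) + 1
    fmba = (flmap1 & 0xFF) << 4
    regions = {}
    for i, name in enumerate(REGIONS[:nr]):
        reg = struct.unpack_from("<I", fd, frba + 4 * i)[0]
        base = (reg & 0x1FFF) << 12
        limit = (((reg >> 16) & 0x1FFF) << 12) | 0xFFF
        regions[name] = (base, limit) if base <= limit else None
    masters = {}
    for i, name in enumerate(MASTERS):
        flmstr = struct.unpack_from("<I", fd, fmba + 4 * i)[0]
        # grant bit n of each field corresponds to REGIONS[n]
        masters[name] = {"read": (flmstr >> 16) & 0x1F, "write": (flmstr >> 24) & 0x1F}
    return regions, masters


def audit_master_access(masters):
    """Policy assumed by this example: nobody writes the Descriptor, the host master does not
    write the ME region, and the ME/GbE masters do not write the BIOS region."""
    findings = []
    for master, grants in masters.items():
        for bit, region in enumerate(REGIONS):
            if not grants["write"] & (1 << bit):
                continue
            if region == "Descriptor":
                findings.append(f"{master} can write the Descriptor region")
            elif master == "Host CPU/BIOS" and region == "ME":
                findings.append("Host CPU/BIOS can write the ME region")
            elif master != "Host CPU/BIOS" and region == "BIOS":
                findings.append(f"{master} can write the BIOS region")
    return findings


# FLMSTR encoding: requester ID in bits 15:0, read grants in bits 20:16, write grants in bits 28:24.
# Both descriptors below are constructed for this example.
INSECURE = build_descriptor([0x1F1F0000, 0x0C0D0000, 0x08090000])  # host may read and write every region
HARDENED = build_descriptor([0x0A0B0000, 0x0C0D0000, 0x08090000])  # host: read Desc/BIOS/GbE, write BIOS/GbE

if __name__ == "__main__":
    for label, image in (("insecure", INSECURE), ("hardened", HARDENED)):
        regions, masters = parse_descriptor(image)
        print(label, "findings:", audit_master_access(masters) or "none")
```

On a real machine the input would be the first 4 KiB of a SPI flash dump rather than the constructed image; the insecure case, where the host master holds write access to regions the main processor never needs, is the shape of the misconfiguration Eclypsium describes, and an OS-level attacker with administrative rights can reach those regions through the chipset's SPI controller.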
The second weakness concerns how the UEFI firmware handles firmware updates on the server. The UEFI specification defines a standard mechanism in which an update is stored as a capsule that the firmware picks up and processes during the next boot, so that the firmware itself, rather than the running operating system, controls the update and can check the image before it is written.
Eclypsium says it observed insecure firmware updates while examining several systems at runtime, including some that did not properly authenticate updates. The researchers downloaded a standard firmware update, modified the code of one module, and successfully applied it using the standard update tools. Malicious code can therefore be inserted into the firmware through the normal update path.
The third problem is the lack of anti-rollback protection against installing old firmware images. Eclypsium found that some updates were not properly validated, so that earlier versions could be installed over newer firmware, something the update process should refuse. An attacker could deliberately install an older firmware with a known vulnerability and then exploit it, which is exactly why downgrades should be blocked.
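As an added example (not code from this article, Eclypsium or Supermicro) of the two checks the update path should perform, the block below parses a UEFI EFI_CAPSULE_HEADER and then refuses an image whose signature does not verify, as it would for a capsule with a modified module, or whose version is older than the one installed. The header layout follows the UEFI specification; the vendor GUID, the payload layout (signature, version, module body) and the use of HMAC-SHA256 with a shared key in place of the public-key signature a real capsule carries are this example's constructions.

```python
import hashlib
import hmac
import struct
import uuid

# EFI_CAPSULE_HEADER (UEFI spec): CapsuleGuid[16], HeaderSize u32, Flags u32, CapsuleImageSize u32
CAPSULE_HDR = struct.Struct("<16sIII")
CAPSULE_FLAGS_PERSIST_ACROSS_RESET = 0x00010000
CAPSULE_FLAGS_INITIATE_RESET = 0x00040000

# Constructed for this example: a made-up vendor capsule GUID and a payload layout of
# signature[32] | version u32 | module body. A real capsule would carry a public-key
# signature (for instance PKCS#7 in an FMP capsule); HMAC-SHA256 with a shared key stands in here.
VENDOR_CAPSULE_GUID = uuid.UUID("12345678-1234-5678-1234-56789abcdef0").bytes_le
SIGNING_KEY = b"constructed-example-signing-key"
SIG_LEN = 32


def build_capsule(version, module, key=SIGNING_KEY):
    """Build a signed capsule the way a vendor's release tooling would."""
    body = struct.pack("<I", version) + module
    sig = hmac.new(key, body, hashlib.sha256).digest()
    payload = sig + body
    hdr = CAPSULE_HDR.pack(
        VENDOR_CAPSULE_GUID,
        CAPSULE_HDR.size,
        CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_INITIATE_RESET,
        CAPSULE_HDR.size + len(payload),
    )
    return hdr + payload


def check_capsule(capsule, installed_version, key=SIGNING_KEY):
    """Return (accepted, reason). These are the two checks the article says were missing:
    the image must authenticate, and it must not be older than what is installed."""
    if len(capsule) < CAPSULE_HDR.size:
        return False, "truncated capsule header"
    guid, hdr_size, _flags, image_size = CAPSULE_HDR.unpack_from(capsule)
    if guid != VENDOR_CAPSULE_GUID:
        return False, "unknown capsule GUID"
    if image_size != len(capsule) or hdr_size > image_size:
        return False, "size fields do not match the image"
    payload = capsule[hdr_size:]
    sig, body = payload[:SIG_LEN], payload[SIG_LEN:]
    if len(body) < 4:
        return False, "payload too short"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Authentication first: any change to a module changes the digest, so the signature fails.
    if not hmac.compare_digest(sig, expected):
        return False, "signature mismatch: image modified or not vendor-signed"
    (version,) = struct.unpack_from("<I", body)
    # Anti-rollback: refuse anything older than the running version, even if correctly signed.
    if version < installed_version:
        return False, f"rollback refused: image v{version} is older than installed v{installed_version}"
    return True, f"accepted v{version}"


def tamper_with_module(capsule):
    """Flip one byte of the module body, mimicking the modified-module test described above."""
    c = bytearray(capsule)
    c[-1] ^= 0x01
    return bytes(c)


if __name__ == "__main__":
    good = build_capsule(5, b"constructed module body")
    print(check_capsule(good, installed_version=4))
    print(check_capsule(tamper_with_module(good), installed_version=4))
    print(check_capsule(build_capsule(3, b"old module"), installed_version=4))
```

The order of the checks matters: the signature is verified over the version field as well as the module body, so an attacker cannot relabel an old, signed image with a newer version number, and the rollback test only runs on images that have already authenticated.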
The in-depth Eclypsium blog thoroughly explains how to mitigate the Supermicro weaknesses. For now, I will leave it to you as homework to read. I contacted Supermicro but they did not comment, though they assured me they have been working hand in hand with Eclypsium on these vulnerabilities.