Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseboard management controller software.
Eclypsium researchers found a common design flaw in hardware device drivers from multiple vendors. In total, 20 hardware vendors are affected, including every major BIOS vendor. The vulnerability has the potential for widespread compromise of Windows 10 machines.
Security researchers from Eclypsium published details about two vulnerabilities that can be used to establish extremely persistent backdoors that can survive even OS reinstalls. Two different bugs, EOLs, and a complex supply chain make patching a nightmare.
Read ZDNet article
In the News
Eclypsium Platform Now Generally Available; Joint Demos Available at RSA Conference
Eclypsium recognized for pioneering security that defends the firmware layer of the enterprise from vulnerabilities and threats
Madrona Venture Group, Andreessen Horowitz and Intel Capital Invest in Eclypsium’s Oversubscribed Series A Round.