跳转到主要内容
Supermicro’s response to Trickboot vulnerability, March 2021

Supermicro is aware of the Trickboot issue which is observed only with a subset of the X10 UP motherboards. Supermicro will be providing a mitigation for this vulnerability.

TrickBoot is a new functionality within the TrickBot malware toolset capable of discovering vulnerabilities and enabling attackers to read/write/erase the device’s BIOS.

TrickBoot checks if the BIOS control register is unlocked and the BIOS region contents can be changed. Reconnaissance actions allow BIOS to be read/written or removed in later phases of the attack. One can install a backdoor or "brick" the vulnerable machine. Malicious code planted on the BIOS can survive OS reinstalls.

Supermicro confirmed that the following motherboard products are affected by this vulnerability and will be providing mitigation.

MotherboardBIOSVulnerability “Trickboot”Vulnerability ScoreBIOS with the Fix
X10 DP-seriesBIOS DPNot detectedN/AN/A
X10 UP-series
(Grantley, Broadwell)
BIOS UPNot detectedN/AN/A
X10 UP-series
(Denlow)
BIOS UPMissing BIOS Write ProtectionsHigh/8.2BIOS v3.4
X11 UP-seriesBIOS UPNot detectedN/AN/A
X11 DP-seriesBIOS DPNot detectedN/AN/A
X12 UP-seriesBIOS UPNot detectedN/AN/A

BIOS with the fix will be released for the non-EOL’ed products. BIOS for the EOL products will be available by request. Please check product pages or the Download page for BIOS availability.

This is the list of the affected X10 UP-series (H3 Single Socket “Denlow”) motherboards:

  1. X10SLH-F (will EOL on 3/11/2021)
  2. X10SLL-F (EOL’ed since 6/30/2015)
  3. X10SLM-F (EOL’ed since 6/30/2015)
  4. X10SLL+-F (EOL’ed since 6/30/2015)
  5. X10SLM+-F (EOL’ed since 6/30/2015)
  6. X10SLM+-LN4F (EOL’ed since 6/30/2015)
  7. X10SLA-F (EOL’ed since 6/30/2015)
  8. X10SL7-F (EOL’ed since 6/30/2015)
  9. X10SLL-S/-SF (EOL’ed since 6/30/2015)

Supermicro recommends the following best practices:

  • Check devices to ensure that BIOS write protections are enabled.
  • Verify firmware integrity by checking firmware hashes against known good versions of firmware.
  • Update firmware to mitigate numerous vulnerabilities that have been discovered.

To minimize the exposure and prevent Trickbot infection, please follow the mitigation recommendations from the Center for internet Security:
https://www.cisecurity.org/white-papers/security-primer-trickbot/