A number of Dell motherboards may have been infected with malware code injected into embedded server management firmware.
“Malware code has been detected on embedded server management firmware,” Dell spokesperson “Matt M” confirmed in an official support forum post.
”[This] potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware. [We] are taking preventative action with our customers accordingly.”
Unsurprisingly, the spokesperson maintained that Dell had received “no customer reports” related to data security.
“We take matters of information security very seriously and believe any impact to a customer’s information security is unlikely.
“Systems running non-Windows operating systems are not vulnerable to this malware and this issue is not present on motherboards shipped new with PowerEdge systems.”
However, senior Sophos researcher Graham Cluley opined that the incident – while relatively limited in scope – did not bode well for the company.
“Even though it is believed that the malware only affects Windows-based operating systems, this is still embarrassing for Dell – and questions will be asked as to whether stringent enough quality control measures were in place to prevent unauthorized code from shipping with their hardware.”