Supermicro is aware of the Trickboot issue which is observed only with a subset of the X10 UP motherboards. Supermicro will be providing a mitigation for this vulnerability.
TrickBoot is a new functionality within the TrickBot malware toolset capable of discovering vulnerabilities and enabling attackers to read/write/erase the device’s BIOS.
TrickBoot checks if the BIOS control register is unlocked and the BIOS region contents can be changed. Reconnaissance actions allow BIOS to be read/written or removed in later phases of the attack. One can install a backdoor or "brick" the vulnerable machine. Malicious code planted on the BIOS can survive OS reinstalls.
Supermicro confirmed that the following motherboard products are affected by this vulnerability and will be providing mitigation.
|Motherboard||BIOS||Vulnerability “Trickboot”||Vulnerability Score||BIOS with the Fix|
|X10 DP-series||BIOS DP||Not detected||N/A||N/A|
|BIOS UP||Not detected||N/A||N/A|
|BIOS UP||Missing BIOS Write Protections||High/8.2||BIOS v3.4|
|X11 UP-series||BIOS UP||Not detected||N/A||N/A|
|X11 DP-series||BIOS DP||Not detected||N/A||N/A|
|X12 UP-series||BIOS UP||Not detected||N/A||N/A|
BIOS with the fix will be released for the non-EOL’ed products. BIOS for the EOL products will be available by request. Please check product pages or the Download page for BIOS availability.
This is the list of the affected X10 UP-series (H3 Single Socket “Denlow”) motherboards:
- X10SLH-F (will EOL on 3/11/2021)
- X10SLL-F (EOL’ed since 6/30/2015)
- X10SLM-F (EOL’ed since 6/30/2015)
- X10SLL+-F (EOL’ed since 6/30/2015)
- X10SLM+-F (EOL’ed since 6/30/2015)
- X10SLM+-LN4F (EOL’ed since 6/30/2015)
- X10SLA-F (EOL’ed since 6/30/2015)
- X10SL7-F (EOL’ed since 6/30/2015)
- X10SLL-S/-SF (EOL’ed since 6/30/2015)
Supermicro recommends the following best practices:
- Check devices to ensure that BIOS write protections are enabled.
- Verify firmware integrity by checking firmware hashes against known good versions of firmware.
- Update firmware to mitigate numerous vulnerabilities that have been discovered.
To minimize the exposure and prevent Trickbot infection, please follow the mitigation recommendations from the Center for internet Security: