Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware.

The infected motherboard was found on replacement Dell PowerEdge R410 rack servers, according to a post on a Dell support forum.

A Dell representative confirmed the issue after a customer received a call warning about the infected motherboard.

Here is the official word from Dell:

As part of Dell’s quality process, we have identified a potential issue with our service mother board stock, like the one you received for your PowerEdge R410, and are taking preventative action with our customers accordingly.  The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware.  This malware code has been detected on the embedded server management firmware as you indicated.


We take matters of information security very seriously and believe that any impact to a customer’s information security is unlikely.  To date we have received no customer reports related to data security. Systems running non-Windows operating systems are not vulnerable to this malware and this issue is not present on motherboards shipped new with PowerEdge systems.  

 

UPDATE: After the publication of this story, Dell emailed the following statement from Forrest Norrod, vice president and general manager of server platforms.:

Dell is aware of the issue and is contacting affected customers.  The issue affects a limited number of replacement motherboards in four servers – PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410 – and only potentially manifests itself when a customer has a specific configuration and is not running current anti-virus software.   This issue does not affect systems as shipped from our factory and is limited to replacement parts only.  Dell has removed all impacted motherboards from its service supply chain and new shipping replacement stock does not contain the malware.  Customers can find more information on Dell’s community forum.

Categories: Compliance, Malware

Comments (5)

  1. Anonymous
    2

    That is terrible and inexcusable….the more we out-source and the more we move our technological services and help desk services offshore the more control we lose, the more vulnerable we are, and the more security risks we have to deal with…and knowing we have the methods in place to prevent them…hey Dell thanks for the apology anyway…we accept it..just like we continue to accept the apologies from microsoft, adobe, sun (oracle), and the list goes on…..then back to business as usual…..

     

  2. Anonymous
    5

    That’s what happens when you offshore to countries that are unfriendly to the USA.

Comments are closed.