Weeks after BIOS developer AMI released an update fixing a critical vulnerability in its MegaRAC baseboard management controller (BMC) firmware used in many enterprise servers and storage systems, OEM patches addressing the issue are slowly trickling out.
A BMC is an embedded chip that allows IT teams to monitor, troubleshoot, and control servers remotely via the industry-standard Redfish interface, even when the servers are turned off or the OS is unresponsive. That level of access makes exploits particularly dangerous.
A patch for the latest vulnerability, identified as CVE-2024-54085, was released by AMI on March 11. However, its fix was only the beginning of the story; numerous OEMs still had to process the update for their individual server products.
Unfortunately, this has taken time, increasing the risk that an attacker will exploit the issue.
The original article is "As clock ticks, vendors slowly patch critical flaw in AMI MegaRAC BMC firmware" on CSO Online.