A red faced Dell is apologizing to customers after admitting that some of their PowerEdge rack servers shipped with malware infected firmware. They gave no specifics about the malware but assured customers that only a limited number of servers had the issue and that the remaining inventory has been removed from the supply chain. Dell also said they don’t believe the malware poses any serious threat:
We take matters of information security very seriously and believe that any impact to a customer’s information security is unlikely. To date we have received no customer reports related to data security. Systems running non-Windows operating systems are not vulnerable to this malware and this issue is not present on motherboards shipped new with PowerEdge systems.
The affected servers include the PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410. The company is contacting affected customers but if you own one of these servers and are worried, contact Dell customer service.
The company has offered no explanation of how the malware got into the servers in the first place.