{
	"id": "66b1fb2c-8654-4490-bf79-534b4ee76d8c",
	"created_at": "2026-04-06T00:15:43.473136Z",
	"updated_at": "2026-04-10T03:21:27.101967Z",
	"deleted_at": null,
	"sha1_hash": "49dd64d2981c58c9439a250a6e8bd32f7a1b9d01",
	"title": "Supermicro, Pulse Secure release fixes for 'TrickBoot' attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1969496,
	"plain_text": "Supermicro, Pulse Secure release fixes for 'TrickBoot' attacks\r\nBy Lawrence Abrams\r\nPublished: 2021-03-05 · Archived: 2026-04-05 22:21:36 UTC\r\nSupermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the\r\nTrickBot malware's UEFI firmware-infecting module, known as TrickBoot.\r\nLast year, cybersecurity firms Advanced Intelligence and Eclypsium released a joint report about a new malicious firmware-targeting 'TrickBoot' module delivered by the notorious TrickBot malware.\r\nWhen executed, the module will analyze a device's UEFI firmware to determine if it has 'write protection' disabled. If it is,\r\nthe malware contains the functionality to read, write, and erase the firmware.\r\nThis could allow the malware to perform various malicious activities, such as bricking a device, bypassing operating system\r\nsecurity controls, or reinfecting a system even after a full reinstall.\r\nTo check if a UEFI BIOS has 'write protection' enabled, the module uses the RwDrv.sys driver from the RWEverything\r\nutility.\r\n\"All requests to the UEFI firmware stored in the SPI flash chip go through the SPI controller, which is part of the\r\nPlatform Controller Hub (PCH) on Intel platforms. This SPI controller includes access control mechanisms,\r\nwhich can be locked during the boot process in order to prevent unauthorized modification of the UEFI firmware\r\nstored in the SPI flash memory chip.\r\nModern systems are intended to enable these BIOS write protections to prevent the firmware from being\r\nmodified; however, these protections are often not enabled or misconfigured. If the BIOS is not write-protected,\r\nattackers can easily modify the firmware or even delete it completely,\" Eclypsium and Advanced Intel.\r\nThe malware's ability to analyze a device's firmware is currently restricted to specific Intel platforms, including Skylake,\r\nKaby Lake, Coffee Lake, and Comet Lake.\r\nSupermicro, Pulse Secure release advisories\r\nIn an advisory released today, Supermicro is warning that some of their X10 UP motherboards are vulnerable to the\r\nTrickBoot malware and has released a 'critical' BIOS update to enable write protection.\r\n\"Supermicro is aware of the Trickboot issue which is observed only with a subset of the X10 UP motherboards.\r\nSupermicro will be providing a mitigation for this vulnerability,\" Supermicro warned today in a security advisory.\r\nThe vulnerable X10 UP-series (\"Denlow\") motherboards are listed below.\r\n1. X10SLH-F (will EOL on 3/11/2021)\r\n2. X10SLL-F (EOL’ed since 6/30/2015)\r\n3. X10SLM-F (EOL’ed since 6/30/2015)\r\n4. X10SLL+-F (EOL’ed since 6/30/2015)\r\n5. X10SLM+-F (EOL’ed since 6/30/2015)\r\n6. X10SLM+-LN4F (EOL’ed since 6/30/2015)\r\n7. X10SLA-F (EOL’ed since 6/30/2015)\r\n8. X10SL7-F (EOL’ed since 6/30/2015)\r\n9. X10SLL-S/-SF (EOL’ed since 6/30/2015)\r\nSupermicro has released BIOS version 3.4 to fix the vulnerability but has only released it publicly for the X10SLH-F motherboard.\r\nFor those motherboards that have reached the end of life, owners must contact Supermicro to get access to the new BIOS.\r\nPulse Secure also issued an advisory as their Pulse Secure Appliance 5000 (PSA-5000) and Pulse Secure Appliance 7000\r\n(PSA-7000) devices run on vulnerable Supermicro hardware.\r\nAt this time, Pulse Secure has released a BIOS patch for devices running Pulse Connect Secure or Pulse Policy Secure.\r\nPulse One (On-Prem Appliance Only) owners will have to wait a bit longer for a patch to be released.\r\nPulse Secure warns that applying the patch will require a reboot of the device.\r\nSource: https://www.bleepingcomputer.com/news/security/supermicro-pulse-secure-release-fixes-for-trickboot-attacks/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/supermicro-pulse-secure-release-fixes-for-trickboot-attacks/"
	],
	"report_names": [
		"supermicro-pulse-secure-release-fixes-for-trickboot-attacks"
	],
	"threat_actors": [],
	"ts_created_at": 1775434543,
	"ts_updated_at": 1775791287,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/49dd64d2981c58c9439a250a6e8bd32f7a1b9d01.pdf",
		"text": "https://archive.orkl.eu/49dd64d2981c58c9439a250a6e8bd32f7a1b9d01.txt",
		"img": "https://archive.orkl.eu/49dd64d2981c58c9439a250a6e8bd32f7a1b9d01.jpg"
	}
}