Vendors Slowly Patch Critical MegaRAC Flaw

itwbennett writes: From the Network World article:

Weeks after BIOS developer AMI released an update fixing a critical vulnerability in its MegaRAC baseband management controller (BMC) firmware used in many enterprise servers and storage systems, OEM patches addressing the issue are slowly trickling out.

The latest vendor to release patches was Lenovo, which appears to have taken until April 17 to release its patch. And although Asus patches for four motherboard models appeared only this week, the exact time these were posted is unconfirmed; the dates on the updates range from March 12 to March 28.

Among the first to release a patch was Hewlett Packard Enterprise (HPE), which on March 20 released an update for its HPE Cray XD670, used for AI and high-performance computing (HPC) workloads. Other OEMs known to use AMI’s MegaRAC BMC include AMD, Ampere Computing, ASRock, ARM, Fujitsu, Gigabyte, Huawei, Nvidia, Supermicro, and Qualcomm.