On Thursday 19 June, Leaseweb learned of the new critical SuperMicro baseboard management controller (BMC) vulnerability that allows retrieving the remote login password via an internet scan on port 49152.
We continuously look out for security issues that may have an impact on our customers. An integral part of preventing or limiting the impact these issues might have, is to make sure as many people as possible know how to deal with them.
Our engineers have looked into the vulnerability with top priority and found that, due to successful patching performed in the past, we were able to mitigate the associated risk. As a results, the impact on Leaseweb Customers was very limited.
Customers with affected servers were informed during the following weekend (21/22 June) and were provided with all relevant information on how to patch their servers.
We always recommend our customers to keep the software on their servers up-to-date. It’s one of the ways to ensure your business is secure. If you have any questions, feel free ask them in the comments below.