I just got a telephone call from a service scheduler informing me that the replacement R410 motherboard I received several weeks ago contains spyware in its embedded systems management firmware, and wanting to schedule an additional service call for a tech to come clean it off.

Unfortunately since the person calling was non-technical, she was unable to provide a lot of details. But I do believe the call to be legitimate as she had the service tag of one of my systems which did indeed receive a motherboard replacement recently.

Does Dell have an official article documenting this issue and laying out further details and the potential risks? Obviously it causes me grave concern be informed of a vulnerability but not have all of the technical details, especially when they asked to be able to schedule the service call to resolve the issue at least ten business days in the future.