Update your Lenovo laptop now: Lenovo has fixed a security issue that disabled security features
Two flaws allow crooks to disable UEFI Secure Boot
Lenovo says it has fixed two major security vulnerabilities affecting
many of its ThinkBook, IdeaPad, and Yoga laptops, and is now urging
users to apply the fix as soon as possible.
Due to human error, the issues mean that a threat actor would potentially
be able to disable the UEFI Secure Boot tool, letting them load and execute
malicious code during the computer boot process (before the OS is brought up).
Having malware loaded before the OS renders most antivirus solutions
useless, and makes the malware resilient even to OS reinstalls.
"The affected drivers were meant to be used only during the manufacturing
process but were mistakenly included in the product," ESET explained in a Twitter
thread. To exploit the flaws, threat actors would
need to create a special NVRAM variable, further reinforcing ESET’s conclusion
that UEFI firmware devs shouldn’t use NVRAM as trusted storage.
The two vulnerabilities in question are tracked as CVE-2022-3430 and
CVE-2022-3431. The media also mentioned a third similar vulnerability,
tracked as CVE-2022-3432, but this one affects only one Lenovo model, the
Ideapad Y700-14ISK. Given that this device has already reached its
end-of-life, Lenovo said it would not be issuing a fix. Those who believe
they are vulnerable to the abovementioned flaws should go to Lenovo’s
security bulletin and see if their model is on the list. The versions of
the firmware that fix these flaws are listed under the CVE
IDs.
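
A defender's check for a Linux install, added here as an example (it is not from the article, ESET, or Lenovo): it collects the model and firmware version to look up by hand in the bulletin, and reads the Secure Boot state from the standard UEFI variables. The function names are hypothetical; the sysfs and efivarfs paths are the usual Linux locations and are assumed to be mounted.

```python
from pathlib import Path

# EFI global variable GUID defined by the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

def read_efi_flag(name, efivars="/sys/firmware/efi/efivars"):
    """Return a 1-byte UEFI variable as bool, or None if it cannot be read.
    An efivarfs file is a 4-byte attribute field followed by the data."""
    try:
        raw = (Path(efivars) / f"{name}-{EFI_GLOBAL}").read_bytes()
    except OSError:
        return None
    return raw[4] == 1 if len(raw) == 5 else None

def firmware_report(dmi="/sys/class/dmi/id", efivars="/sys/firmware/efi/efivars"):
    """Collect the values needed to look a machine up in the vendor bulletin."""
    def field(name):
        try:
            return (Path(dmi) / name).read_text().strip()
        except OSError:
            return None
    return {
        "vendor": field("sys_vendor"),
        "product_name": field("product_name"),
        "product_version": field("product_version"),
        "bios_version": field("bios_version"),  # compare with the bulletin by hand
        "secure_boot": read_efi_flag("SecureBoot", efivars),
        "setup_mode": read_efi_flag("SetupMode", efivars),
    }

def findings(report):
    """Turn the raw report into warnings a reviewer should follow up on."""
    out = []
    if report["secure_boot"] is None:
        out.append("Secure Boot state unreadable (legacy boot or no efivarfs)")
    elif not report["secure_boot"]:
        out.append("Secure Boot is disabled")
    if report["setup_mode"]:
        out.append("Firmware is in Setup Mode: no Platform Key is enrolled")
    if report["bios_version"] is None:
        out.append("BIOS version unreadable: check it in firmware setup")
    return out

if __name__ == "__main__":
    rep = firmware_report()
    for key, value in rep.items():
        print(f"{key}: {value}")
    for warning in findings(rep):
        print("WARNING:", warning)
```

A report showing Secure Boot enabled does not mean the firmware is fixed; only a firmware version at or above the one listed in the bulletin does.
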
In July 2021, three serious security vulnerabilities were discovered and
patched across a number of Lenovo laptops. Even then, ESET’s
researchers uncovered the issue in the ReadyBootDxe driver used by some
Lenovo notebooks, as well as two buffer overflow issues found in the
SystemLoadDefaultDxe driver, potentially allowing threat actors to
hijack the startup routine of Windows installations.
The Yoga, IdeaPad, Flex, ThinkBook, V14, V15, V130, Slim, S145, S540, and S940
Lenovo lines were all affected, counting more than 70 endpoint models. The
vulnerabilities were tracked as CVE-2022-1890, CVE-2022-1891, and
CVE-2022-1892.