Vulnerabilities allowing permanent infections affect 70 models of Lenovo laptops

For owners of over 70 Lenovo laptop models, it's time again to patch UEFI firmware against critical vulnerabilities that attackers can exploit to install malware that is nearly impossible to detect or remove.

The laptop maker on Tuesday released updates for three vulnerabilities researchers found in the UEFI firmware used to boot a slew of its laptop models, including the Yoga, ThinkBook and IdeaPad lines. The company assigned a medium severity rating to the vulnerabilities, which are tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892 and affect the ReadyBootDxe, SystemLoadDefaultDxe, and SystemBootManagerDxe drivers, respectively.

"The vulnerabilities can be exploited to achieve arbitrary code execution in the early stages of platform startup, potentially allowing attackers to hijack the operating system's execution flow and disable certain security features," security firm ESET said. "These vulnerabilities are caused by insufficient validation of the DataSize parameter passed to the UEFI Runtime Services GetVariable function. An attacker could create a specially crafted NVRAM variable, causing a data buffer overflow on the second GetVariable call."

The vulnerabilities can be exploited to achieve arbitrary code execution in the early stages of platform startup, potentially allowing attackers to hijack the operating system's execution flow and disable important security features. 2/6

— ESET Research (@ESETresearch) July 13, 2022
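The bug class ESET describes, a size argument that goes unchecked between two consecutive GetVariable calls, is shown below as an added example in plain C; it is not code from Lenovo, ESET or the affected drivers. The mock `get_variable`, the `nv_var` type and the 16-byte buffer are assumptions that model only the size contract: when the caller's buffer is too small, the service overwrites the size argument with the length it needs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { VAR_OK = 0, VAR_BUFFER_TOO_SMALL = 1 };
/* Constructed stand-in for an NVRAM variable whose length its writer controls. */
typedef struct { unsigned char bytes[256]; size_t len; } nv_var;
static size_t last_write_len; /* length the last successful call intended to write */

/* Mock of the size contract: *size is the claimed buffer size on entry and is
   overwritten with the required size when too small. true_cap exists only in
   this demo; it clamps the copy so the program itself stays memory safe. */
static int get_variable(const nv_var *v, size_t *size, unsigned char *out, size_t true_cap)
{
    if (*size < v->len) { *size = v->len; return VAR_BUFFER_TOO_SMALL; }
    last_write_len = v->len;
    memcpy(out, v->bytes, v->len < true_cap ? v->len : true_cap);
    *size = v->len;
    return VAR_OK;
}

static size_t past_end(size_t cap) { return last_write_len > cap ? last_write_len - cap : 0; }

/* Flawed pattern: size is set once, never re-checked, and reused. */
size_t read_twice_vulnerable(const nv_var *v)
{
    unsigned char buf[16]; size_t size = sizeof buf;
    last_write_len = 0;
    get_variable(v, &size, buf, sizeof buf); /* too small: size becomes v->len */
    get_variable(v, &size, buf, sizeof buf); /* stale size now "fits" the data */
    return past_end(sizeof buf);             /* bytes that would land past buf */
}

/* Hardened pattern: reset size before every call and stop on any error. */
size_t read_twice_hardened(const nv_var *v)
{
    unsigned char buf[16]; size_t size = sizeof buf;
    last_write_len = 0;
    if (get_variable(v, &size, buf, sizeof buf) != VAR_OK) return 0;
    size = sizeof buf;
    if (get_variable(v, &size, buf, sizeof buf) != VAR_OK) return 0;
    return past_end(sizeof buf);
}

int main(void)
{
    nv_var crafted = { {0}, 200 }; /* constructed oversized variable */
    printf("vulnerable: %zu past buffer, hardened: %zu\n",
           read_twice_vulnerable(&crafted), read_twice_hardened(&crafted));
    return 0;
}
```
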

Short for Unified Extensible Firmware Interface, UEFI is the software that links a computer's device firmware to its operating system. As the first software to run when virtually any modern machine is turned on, it's the first link in the security chain. Since UEFI resides in a flash chip on the motherboard, infections are difficult to detect and remove. Typical measures such as wiping the hard drive and reinstalling the operating system have no significant impact as the UEFI infection will simply re-infect the computer afterwards.

Many motherboard-resident flash chips that store UEFI have access control mechanisms that can be locked during the boot process to prevent unauthorized firmware changes. It is unclear if the affected Lenovo models have this capability. Even if so, these protections are often disabled, misconfigured, or hampered by vulnerabilities. ESET researchers were not immediately available to comment on the exploit requirements for these particular vulnerabilities.

In any case, Lenovo laptop owners should take a minute to review Wednesday's advisory to see if their model is vulnerable, as firmware updates often require manual installation.
