Lenovo: UEFI firmware updates close dangerous gap



Over 70 models of Lenovo laptops are affected by a UEFI firmware vulnerability. The manufacturer has released suitable updates.



Security researchers from ESET have found a vulnerability affecting over 70 laptop models, including Lenovo's ThinkBook, IdeaPad and Yoga series. Attackers can use a buffer overflow in the data transmission of the UEFI BIOS to inject and execute malicious code at device level, before the installed operating system boots and its security mechanisms take effect. Lenovo responded promptly and is providing updates for affected models.

Exploiting the vulnerability would be very dangerous, but it has at least been classified as neither severe nor likely. The Lenovo support website has a list of affected devices and instructions on how to get the appropriate downloads. A total of three vulnerabilities are closed. They affect the ReadyBootDxe, SystemLoadDefaultDxe, and SystemBootManagerDxe drivers in some Lenovo notebooks, and are tracked as CVE-2022-1890, CVE-2022-1891 and CVE-2022-1892.

Go to the product page of your device on the Lenovo website and find the item “Drivers & Software”. Compare available firmware update version numbers with those in the table on the linked website. Then follow the options to download an update relevant to you.

The affected devices include widely used models such as the IdeaPad 3, Legion S7, ThinkBook 15-IIL and Lenovo Yogas from various series. In many cases, only one of the drivers mentioned is vulnerable and requires an update. All three drivers need to be replaced on some 14- and 15-inch ThinkBooks.


Laptops & notebooks

Vulnerabilities found in Lenovo devices

Three major security vulnerabilities have been discovered in Lenovo devices. The manufacturer recommends installing firmware updates.

14.7.2022, by The-Khoa Nguyen
