Lenovo releases patch for hundreds of thousands of vulnerable laptops



Shane Snyder

Cybersecurity firm ESET has detected three critical vulnerabilities that leave more than 100 Lenovo laptop models open to malware and other attacks.

Lenovo has fixed critical vulnerabilities, discovered by ESET researchers, in hundreds of its consumer laptop models. The flaws made the laptops a potential target for malware attacks.

ESET said more than 100 different laptop models and hundreds of thousands of users worldwide could be affected. The vulnerabilities would allow attackers to deploy and execute UEFI malware in the form of a flash implant, such as LoJax, or a UEFI bootkit.

ESET reported all discovered vulnerabilities to Lenovo in October 2021, and Lenovo has software updates available to resolve the issues. Lenovo on March 12 published a list of firmware updates to address the vulnerabilities. Lenovo did not respond to messages seeking comment by press time.

“UEFI threats can be extremely covert and dangerous,” Martin Smolar, an ESET researcher, said in a statement. “They are executed early in the boot process, before control is transferred to the operating system, which means they can bypass security measures and mitigations higher in the stack that could prevent their operating system payloads from being executed.”

He said, “Our discovery suggests that in some cases the deployment of UEFI threats might not be as difficult as expected, and the large number of real-world UEFI threats discovered over the past several years suggests that adversaries are aware of it.”

ESET said the first two vulnerabilities affect UEFI firmware drivers that were originally intended only for Lenovo’s manufacturing process. ESET said they had been unintentionally included in the BIOS images on the notebooks without being deactivated, which left these machines vulnerable. A third flaw was found to be an SMM memory corruption that would allow arbitrary reads/writes to/from SMRAM, which could lead to the execution of malicious code, the company said.

“All of the real-world UEFI threats discovered in previous years—LoJax, MosaicRegressor, MoonBounce, ESPecter, FinSpy—need to bypass or disable the security mechanisms in some way in order to be deployed and executed,” Smolar wrote. ESET explained that hackers could use the vulnerability to implant malicious software on SPI flash, a small memory chip located on a computer’s motherboard and usually protected by the BIOS control register.

ESET’s chief security evangelist Tony Anscombe explained that BIOS systems are a particularly vulnerable target because even removing the hard drive does not solve the security threat. “If a cybercriminal can gain access to the device, they can disable many of the security mechanisms that are on the device,” he said. “And of course it makes the whole system more vulnerable to attacks. That’s why it’s important that a consumer actually goes and checks if that device is on the list and, if so, they actually update their firmware.”

Anscombe said that ESET has uncovered vulnerabilities in the past that have affected billions of devices. “So, it’s a lot, but in perspective, we’ve seen huge cases of vulnerabilities,” he said. “And it’s software-level. And let’s be clear: No software is perfect. No matter how much you test it, sometimes it has vulnerabilities.”

ESET said the threats can be executed early in the boot process, bypassing almost all security measures, and the only fix is to update the firmware.

Shane Snyder is a senior associate editor covering personal computing, mobile devices, semiconductor news, hardware reviews, breaking news and live events. Shane is a veteran journalist who has worked for newspapers in New York and North Carolina. He can be contacted at ssnider@thechannelcompany.com.
