Security vulnerabilities affecting at least 100 Lenovo laptop models could put millions of Lenovo laptop users worldwide at risk. The problems are in the UEFI firmware and can facilitate the installation of devices and malware, as announced by ESET this Tuesday (19).
Researchers at the cybersecurity company discovered three vulnerabilities in the BIOS in October last year. Two of these, CVE-2021-3971 and CVE-2021-3972, can be used by cybercriminals to disable SPI flash protections or the UEFI Secure Boot function on affected laptops.
The third, CVE-2021-3970, consists of an SMM memory corruption within the SW SMI handler function. According to experts, it allows the execution of malicious code with elevated privileges when exploited locally by an attacker.
The report states that attacks targeting UEFI firmware are “highly hidden and dangerous” as they are executed in the early stages of the boot process and are difficult to detect. In this way, threats can overcome “nearly any superior security and mitigation measures that contribute to preventing attacks.”
The Lenovo laptop UEFI vulnerabilities have already been fixed through security patches just released by the Chinese giant. However, in order to be protected from possible attacks, you need to install the updates from the brand's support page.
On the same site, you can browse the list of laptop models affected by the bugs, in series such as IdeaPad 3, IdeaPad Game 3, Legion 5 and Yoga Slim, among others. The software update can be done manually or with the help of update management tools provided by Lenovo.
It should be noted that some older models are also affected, but they will not have access to the fix as they are not supported.
Source: Tec Mundo