Laptops

Lenovo UEFI Secure Boot Vulnerability Found In Various Laptops

The computer manufacturer Lenovo has closed two serious security gaps that allow attackers to infect devices with malware undetected. Various ThinkBook, IdeaPad and Yoga laptop models are affected.

Lenovo therefore recommends importing the newly available UEFI firmware updates as a matter of urgency. The affected Lenovo UEFI software was not intended for productive operation and, according to the manufacturer, was published unintentionally.

The vulnerabilities it contains could allow attackers to disable UEFI Secure Boot, allowing them to stealthily enter their victims’ systems without a security check being performed.

Verification system doesn’t work

UEFI Secure Boot is the verification system that ensures that malicious code cannot be loaded and executed during the computer boot process. If this check is defeated, unsigned, malicious code can also be executed.

In this way, attackers circumvent all security precautions and can inject malware almost unnoticed, which persists even when the operating system is reinstalled. Microsoft had already warned of the error. The problem stems from Lenovo inadvertently including an early development driver in the final production releases that could change Secure Boot settings, the vulnerability documentation now states.

However, this also means that the vulnerabilities are not due to a regular bug in the code, but to a practical flaw, which is that the wrong driver was shipped. ESET researchers discovered that this had happened and reported it to Lenovo.

vulnerabilities

The two vulnerabilities fixed by Lenovo through the BIOS address the following vulnerabilities:

  • CVE-2022-3430: A vulnerability in the WMI setup driver on some Lenovo consumer notebook devices could allow an elevated attacker to change the Secure Boot setting by modifying an NVRAM variable.
  • CVE-2022-3431: A vulnerability in a driver used during the manufacturing process on some Lenovo consumer notebook devices, which was inadvertently not disabled, could allow an elevated attacker to compromise the Secure Boot setting by changing a Modify NVRAM variable.

There is a third vulnerability of a similar nature, tracked as CVE-2022-3432, which only affects the IdeaPad Y700-14ISK. Lenovo will not fix this vulnerability because the affected product has reached end of life (EOL).

Owners of supported Lenovo computers can check the model list in the manufacturer’s security bulletin to determine if they are affected by any of the vulnerabilities and have security updates.

Share
Published by
Yasir Zeb

Recent Posts

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

14 hours ago

Pixel 11: Mega leak shows images and data from the new Google smartphones

Amazon made a big mistake and revealed the entire lineup of the Google Pixel 11…

14 hours ago

Top 10 Payment Card Tools for Everyday Digital Finance

A payment card is easiest to understand when users see how it fits into real…

20 hours ago

OnePlus is ‘dead’: Oppo wants to soon announce its withdrawal from the EU & USA

OnePlus will soon be history. At least in Europe and the USA. What has been…

20 hours ago

Switch 2 OLED: Nintendo is apparently planning a display upgrade after all

Nintendo is reportedly still internally planning an OLED version of the Switch 2 for the…

20 hours ago

Maps: Google launches major visual update with immersive navigation

Google appears to be starting to distribute the new immersive navigation for Google Maps. The…

20 hours ago