Lenovo laptop users should update immediately

According to market research firm Gartner, Lenovo is currently the leading manufacturer in the laptop market with a 24.8% market share.

Recently, Chinese computer manufacturer Lenovo has warned users about a number of high-severity BIOS vulnerabilities affecting hundreds of devices of different models, including Desktop, All in One. , IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem…

Lenovo laptop users should update immediately - 1

Many Lenovo laptops are affected by the vulnerability. Photo: Lenovo

If the vulnerability is exploited, an attacker can steal critical information, escalate privileges, deny service, and in certain cases, execute arbitrary code.

The list of security vulnerabilities includes:

- CVE-2021-28216: Pointer error in TianoCore EDK II BIOS, allowing attackers to elevate privileges and execute arbitrary code.

- CVE-2022-40134: Information leak in SMI Set Bios Password SMI Handler, allowing attackers to read SMM memory.

- CVE-2022-40135: Information leak in Smart USB Protection SMI Handler, allowing attackers to read SMM memory.

- CVE-2022-40136: Information leak in SMI Handle used to configure platform settings via WMI, allowing attackers to read SMM memory.

- CVE-2022-40137: Buffer overflow in WMI SMI Handler, allowing attacker to execute arbitrary code.

SMM (Ring -2) is part of the UEFI firmware that provides system-wide functions such as low-level hardware control and power management.

Access to the SMM can be extended to the operating system and RAM, and storage resources. That's why both AMD and Intel have developed SMM isolation to keep user data safe from low-level threats.

Lenovo has fixed the issue in the latest BIOS updates for affected products. Most of the patches were released in July and August 2022.

Additional patches are expected to be available in late September and October, but some models will receive the update next year.

Interested readers can refer to the full list of affected computer models here.

Lenovo computer users can visit Lenovo's support page, type in the model they are using and select Manual Update, then download the latest BIOS patch.

Lenovo laptop users should update immediately - 3

Đăng nhận xét

Mới hơn