1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Some Lenovo laptops may be carrying a serious security flaw

    From TechnologyDaily@1337:1/100 to All on Tue Apr 19 10:45:04 2022
    Some Lenovo laptops may be carrying a serious security flaw

    Date:
    Tue, 19 Apr 2022 09:36:59 +0000

    Description:
    Experts urge Lenovo owners to update fimware as soon as possible.

    FULL STORY ======================================================================

    Cybersecurity experts from ESET have found three security flaws in hundreds
    of different Lenovo laptop models which could put millions of users at risk.

    ESET said exploiting these vulnerabilities would allow attackers to deploy
    and successfully execute UEFI malware either in the form of SPI flash
    implants like LoJax or ESP implants like ESPecter.

    In total, three vulnerabilities have been discovered, which are now tracked
    as CVE-2021-3970, CVE-2021-3971 (also known as SecureBackDoor and SecureBackDoorPreim), and CVE-3972 (SMM memory corruption inside the SW SMI handler function). Bypassing security measures

    The first two can be activated to disable SPI flash protections (BIOS Control Register bits and Protection Range registers) or the UEFI Secure Boot feature from a privileged user-mode process during operating system runtime. The third, ESET explains, can allow an attacker to execute malicious code with
    SMM privileges, potentially leading to the deployment of an SPI flash
    implant.

    What makes them extremely dangerous, says ESET researcher Martin Smolr, is that they allow for the exploitation of UEFI threats that are executed early in the boot process, before transferring control to the operating system.

    That means they can bypass almost all security measures and mitigations
    higher in the stack that could prevent their operating system payloads from being executed, he said. Read more

    Billions of Windows and Linux devices at risk of hijacking


    This bootkit has been used to backdoor Windows devices for almost a decade


    Intel, Lenovo and more hit by major BIOS security flaws

    This is not the first UEFI threat thats been discovered. All of them, however (including LoJax, MosaicRegressor, MoonBounce, ESPecter, or FinSpy) need to bypass or disable the devices security mechanisms in order to work.

    The UEFI boot and runtime services are essential for the operation of any endpoint , as drivers and applications need them to properly run.

    ESETs researchers are strongly advising all Lenovo laptop owners to go
    through the list of affected devices found here , and update the firmware as per the manufacturers instructions.

    Owners whose devices reached end-of-life can use a TPM-aware full-disk encryption solution capable of making disk data inaccessible if the UEFI Secure Boot configuration changes, ESET concluded. No security stack is complete without a great firewall



    ======================================================================
    Link to news story: https://www.techradar.com/news/some-lenovo-laptops-may-be-carrying-a-serious-s ecurity-flaw/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)