Lenovo UEFI Security Flaws Affecting Over 100 Laptop Models Discovered, Company Issues Firmware Patches

[Pelican Press 0]

Lenovo UEFI Security Flaws Affecting Over 100 Laptop Models Discovered, Company Issues Firmware Patches

Lenovo has issued a security advisory related to three security vulnerabilities found on several laptops. The flaws affect over 100 Lenovo laptop models, across the company’s IdeaPad, Legion, and Yoga portfolios. Using the vulnerabilities, an attacker might be able to disable the Unified Extensible Firmware Interface (UEFI) Secure Boot feature and ******** arbitrary code on the laptop. The manufacturer has advised users with affected laptop models to update to the latest firmware for these devices from the official website, in order to stay protected.

Three vulnerabilities were discovered by ESET researchers and affect the UEFI Secure Boot feature, which is designed to verify and load trusted code when the laptop is booted. They were responsibly disclosed by the researchers to Lenovo in October 2021. The vulnerabilities were confirmed by the company in November and were assigned three CVEs (Common Vulnerabilities and Exposures) — CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, and a security advisory was

This is the hidden content, please

• Sign In
• or
• Sign Up

by the manufacturer on Monday.

According to ESET, which has

This is the hidden content, please

• Sign In
• or
• Sign Up

a detailed technical analysis of the security flaws, two of the vulnerabilities — CVE-2021-3971 (SecureBackDoor), and CVE-2021-3972 (ChgBootDxeHook), were introduced by the company after two UEFI firmware drivers were accidentally included in the firmware. These drivers are only used when manufacturing the laptop and can be exploited by attackers to turn off the UEFI Secure Boot feature and disable protection for the flash memory chip which stores the UEFI firmware. Security software and other solutions on the operating system will be unable to detect these threats as they ******** early in the boot process — before the operating system is loaded.

In order to bypass all the security features offered by Secure Boot, UEFI threats like the ones discovered by ESET, disable the secure mechanisms designed to load trusted code. According to the researchers, all the UEFI threats discovered in the wild including LoJax, MosaicRegressor, MoonBounce, ESPecter, FinSpy were able to bypass these mechanisms to ******** their malicious code. Similar security flaws were also discovered in HP firmware,

This is the hidden content, please

• Sign In
• or
• Sign Up

by SentinelOne last month.

The researchers also found a third security flaw — or CVE-2021-3970 (LenovoVariableSmm), which could lead to arbitrary code ********** in system management RAM (or SMRAM), with elevated privileges. In some cases, it can be used to activate the ChgBootDxeHook driver in order to disable UEFI Secure Boot feature, according to the researchers at ESET. All three security vulnerabilities discovered require the attacker to have local access to the device, but it is worth noting that Lenovo has assigned the flaws a “Medium” severity level in its advisory.

Over 100 consumer laptop models used by millions of users are affected by the security flaws, according to the researchers. Users who own devices that have active development support can

This is the hidden content, please

• Sign In
• or
• Sign Up

the latest firmware update for their laptop from Lenovo’s Advisory website. However, several other affected devices won’t be fixed as they have reached End of Development Support (EODS). However, these users can use a TPM-aware full-disk encryption to make disk data inaccessible if the UEFI Secure Boot configuration has been modified, according to the ESET researchers.

---

Affiliate links may be automatically generated – see our ethics statement for details.

This is the hidden content, please

• Sign In
• or
• Sign Up

lenovo laptop uefi security flaws secure boot vulnerabilities malware 100 models eset lenovo,uefi,uefi vulnerabilities,uefi secure boot,secure boot
#Lenovo #UEFI #Security #Flaws #Affecting #Laptop #Models #Discovered #Company #Issues #Firmware #Patches

This is the hidden content, please

• Sign In
• or
• Sign Up