Be Alert!!! Lenovo Firmware Vulnerabilities Affect Millions of Laptops.


A few days ago, consumer electronics maker Lenovo rolled out fixes for three security flaws in its UEFI firmware affecting over 70 product models. “The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features,” Slovak cybersecurity firm ESET said in a series of tweets. Tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, all three bugs are buffer overflow vulnerabilities that Lenovo describes as leading to privilege escalation on affected systems. Martin Smolár from ESET has been credited with reporting the flaws.

The bugs stem from insufficient validation of an NVRAM variable called “DataSize” in three different drivers (ReadyBootDxe, SystemLoadDefaultDxe, and SystemBootManagerDxe), resulting in a buffer overflow that could be weaponized to achieve code execution. This is the second time Lenovo has moved to address UEFI security vulnerabilities since the start of the year. In April, the company resolved three flaws (CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972), also discovered by Smolár, that could have been abused to deploy and execute firmware implants. Users of impacted devices are strongly advised to update their firmware to the latest version to mitigate potential threats.
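The size check whose absence produces this class of bug, as an added example that is not Lenovo's or ESET's code. It assumes a simplified model in which a size value (`data_size`) carries the caller's buffer capacity in and the stored length out, as UEFI's GetVariable does; the store, the variable names and the status codes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of a firmware variable store (hypothetical names). */
enum status { ST_OK, ST_NOT_FOUND, ST_BUFFER_TOO_SMALL, ST_BAD_SIZE };

struct nv_var { const char *name; size_t len; unsigned char data[64]; };

/* Constructed sample contents: "DemoFlag" is well-formed, "DemoBlob" is
 * far larger than the 8-byte buffer a caller would reserve for it. */
static struct nv_var store[] = {
    { "DemoFlag", 4,  { 1, 0, 0, 0 } },
    { "DemoBlob", 48, { 0x41 } },
};

/* Mimics the GetVariable contract: *data_size is the buffer capacity on
 * entry and the variable's stored length on return. */
static enum status mock_get_variable(const char *name, size_t *data_size, void *buf)
{
    for (size_t i = 0; i < sizeof store / sizeof store[0]; i++) {
        if (strcmp(store[i].name, name) != 0)
            continue;
        size_t cap = *data_size;
        *data_size = store[i].len;        /* always reports the real length */
        if (store[i].len > cap)
            return ST_BUFFER_TOO_SMALL;   /* nothing is copied */
        memcpy(buf, store[i].data, store[i].len);
        return ST_OK;
    }
    return ST_NOT_FOUND;
}

/* Hardened caller: reads a variable that must be exactly `expected` bytes
 * into a buffer of `cap` bytes. */
enum status read_fixed_var(const char *name, void *buf, size_t cap, size_t expected)
{
    if (expected > cap)
        return ST_BAD_SIZE;
    size_t data_size = cap;               /* true capacity, set before every call */
    enum status st = mock_get_variable(name, &data_size, buf);
    if (st != ST_OK)
        return st;                        /* oversized variables stop here */
    if (data_size != expected)
        return ST_BAD_SIZE;               /* reject unexpected stored lengths */
    return ST_OK;
}
```

Because `data_size` is a fresh local set from the real capacity on each call, a length reported by one read can never be reused as the capacity for the next.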

Conclusion

Security updates can never be overemphasised. The best practice remains to update your software and firmware as required.

 

 
