>100 Lenovo Laptop Models Vulnerable 04-19-2022, 10:49 PM
#1
A list of over 100 laptops made by Lenovo are susceptible to several vulnerabilities found by ESET. Updates were rolled out.
Read More: https://www.pcworld.com/article/633410/u...-risk.html
Quote:Security firm ESET said Tuesday that it has found several UEFI vulnerabilities in a wide swathe of over 100 different Lenovo consumer laptop models, which can be patched by updating the notebook’s firmware.
The full list of affected laptops includes the Ideapad-3, the Legion 5 Pro-16ACH6 H, and the Yoga Slim 9-14ITL0. ESET discovered the vulnerability late last year. Lenovo then worked to develop a patch and released it on the manufacturer’s website. ESET didn’t say whether these vulnerabilities were actively being exploited in the wild.
Specifically, the three different vulnerabilities would allow an attacker to modify either the protected boot settings or the firmware itself, a change that would survive the reinstallation of the operating system, ESET said. “UEFI threats can be extremely stealthy and dangerous,” the firm wrote. “They are executed early in the boot process, before transferring control to the operating system, which means that they can bypass almost all security measures and mitigations higher in the stack that could prevent their OS payloads from being executed.”
A third vulnerability in the SMI Handler code would allow an attacker with local access and elevated privileges to execute arbitrary code, giving them control of the machine.
Read More: https://www.pcworld.com/article/633410/u...-risk.html
![[Image: fSEZXPs.png]](https://i.imgur.com/fSEZXPs.png)
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)