Lenovo laptops open to attack — what to do right now

Three security flaws in hundreds of Lenovo laptops could have exposed millions of users to potentially serious issues, security firm ESET announced today. These vulnerabilities would have allowed hackers to implant malware that would bypass a number 

Affected laptops include Lenovo Ideapads, Flex and Yoga notebooks, and Lenovo Legion gaming laptops. The good news is Lenovo has issued firmware updates for the affected models. Here’s everything you need to know, and how to patch your laptop.

Three vulnerabilities found

ESET researcher Martin Smolár discovered three vulnerabilities in Lenovo laptops and reported them to the company in October 2021.

The first two vulnerabilities (CVE-2021-3971 and CVE-2021-3972) would have allowed an attacker with access to a laptop to install so-called UEFI malware, malicious code that activates during a notebook’s startup and can bypass built-in security protections.

These vulnerabilities were a result of Lenovo accidentally leaving in place UEFI firmware drivers, which were meant to be used only during the manufacturing process, according to ESET. These drivers were left in the BIOS images that shipped to consumers.

The third (CVE-2021-3970) was uncovered during ESET’s investigation of the first two issues; this vulnerability would have allowed someone with direct access to a laptop to implant code in a machine’s SMRAM. This could then be used to insert malware into a notebook’s SPI flash memory chip, which also lets it bypass security protocols.

How to tell if your Lenovo laptop is affected and what to do

On Lenovo’s support page, you can find a complete list of the laptops affected by these security vulnerabilities. They include the following models:

  • Ideapad 3 (14-, 15- and 17-inch models)
  • Flex 3
  • L340 gaming laptop
  • Legion 5
  • Legion 5 Pro
  • Legion 7
  • Legion S7
  • Legion Y540
  • Legion Y545
  • Legion Y7000
  • Lenovo S14 G2
  • Ideapad S145
  • Ideapad S540
  • Ideapad Slim 7 Pro
  • Ideapad Slim 9
  • V14 (G1 and G2)
  • Yoga 7
  • Yoga Slim 7 Pro
  • Yoga Slim 9

Lenovo provides links to the support pages for these affected laptops, where you can download the latest firmware updates. We recommend installing these updates as soon as possible so your system is protected.
