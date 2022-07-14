ContributorsPublishersAdvertisers
Computers

This serious firmware flaw affects a whole load of Lenovo laptops

By Sead Fadilpašić
TechRadar
TechRadar
 2 days ago
https://img.particlenews.com/image.php?url=3Y6GCJ_0gfX86hH00
(Image credit: Shutterstock)

Three serious security vulnerabilities has been discovered, and patched, across a whole slew of Lenovo laptops.

Cybersecurity experts from ESET uncovered the issue in the ReadyBootDxe driver used by some Lenovo notebooks, as well as two buffer overflow issues found in the SystemLoadDefaultDxe driver, potentially allowing threat actors to hijack the startup routine of Windows installations.

The Yoga, IdeaPad, Flex, ThinkBook, V14, V15, V130, Slim, S145, S540, and S940 Lenovo lines are all affected, counting more than 70 endpoint (opens in new tab) models.

Improved code

"These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable," ESET Research tweeted out, recently.

"An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call."

The company has also submitted improved code to Binarly's UEFI firmware analyzer 'efiXplorer,' the publication further found, which all interested admins can find on GitHub, for free.

The vulnerabilities, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, reside in UEFI firmware, and as such, are quite dangerous. Exploiting them allows threat actors to run malware during boot, effectively circumventing any antivirus programs. It also makes malware more persistent, as wiping the disk, which is considered the Hail Mary of virus elimination, doesn’t help.

The silver lining is that not everyone can exploit these flaws - it does require a bit of knowledge. Still, more experienced crooks can wreak major damage.

To make sure their devices are safe, admins are advised to always keep them up to date, both on the software and on the hardware side of things, as well as to keep any software used, updated. Furthermore, having a strong firewall (opens in new tab) solution helps, as well as antivirus.

Users that don’t know exactly which Lenovo model they’re using can use the company’s automatic online detector here (opens in new tab).

Via: BleepingComputer (opens in new tab)

https://img.particlenews.com/image.php?url=3pe8ik_0gfX86hH00

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Comments / 0

Related
The Verge

The best laptop deals you can get right now

If you want a great laptop, you’re going to have to fork over a ton of money, right? Not necessarily. There are dozens of good laptops on the market at various price points. While it can feel overwhelming to find the right one for your needs (some are better suited for, say, college students, whereas others are ideal for gamers), that’s why we’ve come up with this list of some of the best laptop deals available right now.
COMPUTERS
The Verge

Google’s Chrome OS Flex is now available for old PCs and Macs

Google is releasing Chrome OS Flex today, a new version of Chrome OS that’s designed for businesses and schools to install and run on old PCs and Macs. Google first started testing Chrome OS Flex earlier this year in an early access preview, and the company has now resolved 600 bugs to roll out Flex to businesses and schools today.
SOFTWARE
IN THIS ARTICLE
#Firmware#New Laptops#Best Laptops#Windows Laptops#Datasize#Eset Research#Nvram#Github
CNET

Microsoft 365: How to Get Word, Excel and PowerPoint for Free

Microsoft 365, the evolution of the old Microsoft Office suite, features a variety of apps that you may need for work, school or your personal life. But the cost of a subscription adds up over time, which could become an obstacle to using Word, Excel, PowerPoint or other programs. Fortunately, if you want Microsoft 365, there are ways to get the service for free.
SOFTWARE
Android Central

Here are 7 of the best Prime Day Chromebook deals that are still live

You might be surprised, but a slew of Prime Day deals are still available so you can save some cash. There's everything from smartphone deals to Fire TV deals and everywhere in between, including Chromebooks. Prime Day is the perfect time to pick up a new Chromebook at a discount, considering that you can get some of your back-to-school shopping out of the way now, as opposed to procrastinating and missing out.
COMPUTERS
YOU MAY ALSO LIKE
NewsBreak
Lenovo
NewsBreak
Technology
NewsBreak
Computers
makeuseof.com

How to Set Windows Security Exclusions in Windows 11

Windows Security is Windows 11’s antivirus utility that scans files and processes in the background. However, its real-time background scanning can sometimes wrongly identify legitimate programs and processes as malicious (known as false positives). Such antivirus interference can block some software from launching. You can ensure Windows Security doesn’t...
SOFTWARE
TechRadar

AWS has patched a rather embarrassing Kubernetes bug

Amazon Web Services (AWS) has patched a rather embarrassing bug that could allow threat actors to gain elevated privileges on a Kubernetes cluster. The bug was found in the IAM Authenticator for Kubernetes, a plugin tool used by Amazon EKS - a managed container service to run and scale Kubernetes applications.
SOFTWARE
komando.com

Update your browser! Major issue hits Edge

No matter which internet browser you prefer, you must always keep it up to date. That is especially important this week, as Google’s Chrome and Microsoft’s Edge browsers are vulnerable to exploitation from hackers. A fix for the security flaw in Chrome was made available the other day....
COMPUTERS
The Windows Club

How to run old DOS Programs in Windows 11/10 using vDos

DOS stands for Disk Operating System. Earlier, before the invention of Windows OS, computers run on the Disk Operating System. The family of DOS includes MS-DOS, PC-DOS, Free-DOS, etc. Among these operating systems, MS-DOS was the most popular operating system and it was developed by Microsoft. Microsoft ended DOS after the release of Windows 95. You can still run DOS programs in the 32-bit Windows 10 operating system by using the NTVDM technology. NTVDM stands for NT Virtual DOS Machine. It is not installed in Windows 10 by default. When you run a DOS program on a 32-bit Windows 10 OS, you will receive a popup to install NTVDM. If we talk about 64-bit Windows 11/10 OS, you cannot run DOS programs. In this article, we will see how to run old DOS Programs in Windows 11/10 using vDOS.
SOFTWARE
TechRadar

Hackers could use your Mac to exploit Microsoft Word security flaws

Microsoft has shed light on a flaw in macOS that, if exploited, could allow threat actors to run arbitrary code, remotely. The flaw, tracked as CVE-2022-26706, enables the circumvention of macOS App Sandbox rules, enabling macros in Word documents to run. For years now, macros have been used by numerous...
SOFTWARE
TechRadar

Windows Server 20H2 is reaching end of life soon

Microsoft has reminded business users that version 20H2 of its Windows Server offering is reaching end of life on August 8 2022. This Semi-Annual Channel (SAC) version of Microsoft’s server will no longer receive updates including security patches from this time after almost two years of service. "Windows Server,...
SOFTWARE
Android Central

How to use Smart Widgets on Galaxy Tab S8

The Galaxy Tab S8 series gives you plenty of display space, but that doesn't mean you want to fill your home screen with a bunch of widgets. The easiest option is to use a Smart Widget that incorporates all of your favorite app widgets in one spot.
CELL PHONES
notebookcheck.net

Intel NUC Extreme with 13th gen Intel "Raptor Lake" CPUs reportedly launching this year alongside a new NUC Extreme Compute Element

After releasing the powerful NUC 12 Dragon Canyon with 12th gen “Alder Lake” CPUs earlier this year, Intel is reportedly preparing the next-generation NUCs with the upcoming 13th gen “Raptor Lake” processors. The information comes to us courtesy of user Lukedriftwood who posted an alleged roadmap of Intel’s NUC desktop kits on Reddit.
COMPUTERS
TechRadar

Nothing Phone 1 review

At first blush, the appeal of the Nothing Phone 1 rests on its standout design and the strength of its story. The company has clearly learnt lessons from its first product and the level of polish applied to the Phone 1 surpasses expectations, while unique features like its transparent back and glyph lighting marry novelty and functionality in a way that's absent from most other phones.
CELL PHONES
TechRadar

Google Cloud unveils its first Arm-powered VMs

Google Cloud has announced its first line of ARM-based virtual machines (VMs). The new Tau T2A chips (opens in new tab) will join Google's existing line of Tau VMs, which were launched in June 2021. Google says the new chips will be appropriate for scale-out workloads including web servers, containerized...
SOFTWARE
TechRadar

TechRadar

42K+
Followers
43K+
Post
5M+
Views
ABOUT

Its mix of genuine and reliable advice alongside entertaining and fun to read editorial content is why millions of people trust TechRadar to give them tech advice on everything from the latest smartphone releases to the best in digital cameras.

 http://www.techradar.com

Comments / 0

Community Policy