Lenovo Issued Patches for the Three Vulnerabilities What happens with the first-mentioned vulnerability, dubbed CVE-2021-3970, on the other hand, is a case of memory corruption in the firm’s System Management Mode (SMM), which allows malicious code to run with the highest privileges. It means that exploitation of these vulnerabilities would allow attackers to deploy and successfully execute SPI flash or ESP implants, like LoJax or our latest UEFI malware discovery ESPecter, on the affected devices.
LENOVO DRIVER UPDATE DRIVERS
These affected firmware drivers can be activated by attacker to directly disable SPI flash protections (BIOS Control Register bits and Protected Range registers) or the UEFI Secure Boot feature from a privileged user-mode process during OS runtime.
Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated. The first two of these vulnerabilities – CVE-2021-3971, CVE-2021-3972 – affect UEFI firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks.
LENOVO DRIVER UPDATE INSTALL
What can hackers do if abusing the Lenovo UEFI Firmware vulnerabilities successfully is that they may be able to disable SPI flash safeguards or Secure Boot, effectively allowing them to install persistent malware that can continue to live despite a system reboot. With the last two having an impact on firmware drivers initially designed for the sole use “during the production process of Lenovo consumer notebooks.” More Details on the Lenovo UEFI Firmware VulnerabilitiesĪccording to ESET researcher Martin Smolár’s report, the following CVEs were assigned to these flaws: By successfully exploiting these flaws, threat actors can deploy and execute firmware implants on the impacted devices. Researchers have recently identified three Lenovo UEFI firmware vulnerabilities of high impact located in various Lenovo laptop models that consumers use.
0 kommentar(er)
