Cyber experts have discovered serious security vulnerabilities in Lenovo computers. In total, millions of users around the world are affected. What to do now.
Experts at the IT security company ESET have discovered three serious security vulnerabilities in laptops from the Chinese technology group Lenovo. These affect more than a hundred different laptop models that are used in millions of homes around the world.
Almost all of the manufacturer's current models are affected, from entry-level devices to high-end products. You can find a full list of affected devices on the corresponding Lenovo website.
Malicious code can be installed on affected devices
Two of the discovered vulnerabilities relate to UEFI firmware drivers, as the experts report in more detail. These are so-called “backdoors” through which attackers can gain access to the affected device and inject malicious code or control the computer externally.
These backdoors are meant to be accessible only during the manufacturing process, but due to a mistake they were carried over into the finished computer systems and then delivered to customers around the world.
Another vulnerability discovered by the ESET researchers is known as SMM memory corruption. It allows arbitrary reads and writes to and from SMRAM (System Management RAM). This vulnerability can also be used to execute malicious code.
Firmware update required
As ESET researchers explain, UEFI threats can be extremely stealthy and dangerous. Since they are executed very early in a computer’s boot process, they can also bypass almost all security measures.
Security experts advise all affected users to immediately install the latest firmware on their devices. Lenovo explains how this works on the corresponding website.
ESET reported the vulnerabilities to Lenovo on October 11, 2021.